Slashdot Mirror


Linux Source Distribution for Firewalls?

Peter Miller asks: "I want to build a new firewall. I want fine control over the exact contents of the disk. So I went looking at Linux source distributions. Every one I looked at (Gentoo, Lunar, etc.) put the development environment on the final disk image. I don't think this is good for a firewall. Even Linux From Scratch does this, it isn't automated, and the nALFS UI is incomprehensible. I'd rather not have the package database in the final image, either. Micro-distros like FloppyFW don't publish their root image build script, and that's the route I'd like to follow. What do you security zealots out there use to build your firewalls from scratch?"


  1. It depends, but usually... by Ratso Baggins · Score: 3, Interesting
    "What do you security zealots out there use to build your firewalls from scratch?"

    Not Linux

    --
    "we live in a post-ideological world..." - Billy Bragg.

  2. (Free||Open)BSD and a mod of the Soekris scripts by JumpSuit Boy · Score: 3, Interesting
    The Soekris set of embedded boards for this purpose have bred a number of projects that produce build setups for wired and wireless routers.
    Three points:

    - they come with scripts and docs
    - they produce bare (no dev tools) images to use on compact flash cards
    - The dev machine is separate

    I use a modified version of an OpenBSD on an old WatchGuard box.

    See Soekris on OpenBSD and Soekris on FreeBSD

    --
    Oh really?
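
Both the question and the second comment want a final image that carries no development tools or package database. As an added example (not from the thread or from the Soekris scripts), the shell functions below audit a staged root directory before it is written to a compact flash card; the tool names, package-database paths and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Name lists and paths below are assumptions, not from the thread.

# Print one finding per line for build residue under a staged root tree.
list_findings() {
    root=$1
    # Executables (owner x bit set) named like compilers, linkers or debuggers.
    find "$root" -type f \( -name gcc -o -name cc -o -name 'g++' -o -name clang \
        -o -name ld -o -name as -o -name make -o -name gdb \) -perm -100 -print \
        2>/dev/null | sed 's/^/devtool: /'
    # Headers and static libraries are only needed to compile on the box.
    find "$root" -type f \( -name '*.h' -o -name '*.a' \) -print 2>/dev/null |
        sed 's/^/build-file: /'
    # Package-manager state: dpkg, rpm, and Gentoo/BSD-style /var/db/pkg.
    for db in var/lib/dpkg var/lib/rpm var/db/pkg; do
        if [ -d "$root/$db" ]; then echo "pkgdb: $root/$db"; fi
    done
    return 0
}

# Return 0 if the tree is clean, 1 if residue was found, 2 on a bad argument.
audit_image_root() {
    root=${1:?usage: audit_image_root ROOT}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(list_findings "$root")
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree: "dirty" adds a compiler, a header, a static
# library and a package database; "clean" has only a shell and /etc.
make_sample_root() {
    dir=$1; kind=$2
    mkdir -p "$dir/bin" "$dir/etc" "$dir/usr/lib"
    printf '#!/bin/sh\n' > "$dir/bin/sh"; chmod 755 "$dir/bin/sh"
    if [ "$kind" = dirty ]; then
        mkdir -p "$dir/usr/bin" "$dir/usr/include" "$dir/var/db/pkg"
        printf '#!/bin/sh\n' > "$dir/usr/bin/gcc"; chmod 755 "$dir/usr/bin/gcc"
        : > "$dir/usr/include/stdio.h"
        : > "$dir/usr/lib/libc.a"
    fi
}
```

Run `audit_image_root` against the staging directory on the separate build machine and fail the image build on a non-zero return, so a stray toolchain file never reaches the firewall's disk.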