[ale] best dist for firewall?

Tyler Kiley tyler at kianta.com
Fri May 3 21:43:37 EDT 2002


I'm intrigued by the idea of using removable media to store a firewall 
configuration.... would it be possible to mount a machine's /etc directory 
from a floppy, or is /etc required on the root filesystem?

Tyler

On Friday 03 May 2002 02:58 pm, cfowler wrote:
> A firewall is a firewall.
>
> It is not:
>
> A Mail Server
> A Web Server
> A Shell Server
> A Etc. Server
>
> It is a firewall
>
> Maybe a very tight shell to configure the rules.  But if you do
> it right you can create a firewall on floppy that would
> require mounting on a client machine to configure then booting up
> on.  Now that is a firewall!
>
> On Fri, 2002-05-03 at 14:28, Glenn C. Lasher Jr. wrote:
> > I will second this.  Slackware 8.0 is exactly the right distro for a
> > firewall.  Not only does it not suffer the operational and security
> > issues of RH, but it also even lets you pick --at install time-- what
> > version of kernel you want to run, and, if you pick 2.4.x, will let you
> > set up ReiserFS before installing.  We 'ave one.  Ees ver' nayze.
> >
> > On Thu, 2 May 2002, Transam wrote:
> > > > I'm setting up a firewall on a 120mhz, 16meg machine.  I'd like to
> > > > run iptables, snort/acid and a mysql db to store the snort info.
> > > >
> > > > Any recommended distros?  It'd be nice to get something minimal
> > > > (possibly tightened) but with the 2.4 kernel (for the stateful
> > > > firewalling capabilities).  I considered Slackware or Debian and then
> > > > upgrading the kernel, but the thought of compiling on a 120mhz
> > > > machine is not a happy one.  Considering Peanut as well, but it seems
> > > > to be heavily configured for the desktop.  I guess it's a last
> > > > resort.
> > >
> > > Slackware 8.0!  I've found Slackware FAR less buggy (both in security
> > > bugs and in annoying operational bugs) than either Red Hat or Mandrake
> > > and far easier to install.  It also requires FAR fewer security patches
> > > and thus yields a lower-maintenance system.  Some of this is due, I
> > > think, to their interest in the best distribution rather than the most
> > > money and easiest and most toys (sound familiar).  Some of it is due to
> > > less "stuff" on it. However, you certainly do NOT want a lot of extra
> > > junk on a Firewall.
> > >
> > > Sheesh.  RH7.1 did not even ship with a working IP Tables.  I had to
> > > download a working kernel and configure and compile it.
> > >
> > > I run Slackware on my Laptop and love it.  I use Red Hat on my desktop
> > > only because it is the most popular distribution with my clients and
> > > the friend who built my desktop put it on and I was too lazy to install
> > > Slackware over it.  (Installing Red Hat over a running Slackware system
> > > would have been just as much work and certainly greater than zero.)
> > >
> > > Any Set-UID or Set-GID program is a security risk.  When I build a
> > > Firewall I turn all of that stuff off.  X always is first on my list
> > > and GPM is second!
> > >
> > > > Thanks as always,
> > > >
> > > > John
> > >
> > > Bob Toxen
> > > transam at cavu.com                       [Bob's ALE Bulk email]
> > > bob at verysecurelinux.com                [Please use for email to me]
> > > http://www.verysecurelinux.com         [Network&Linux/Unix security consulting]
> > > http://www.realworldlinuxsecurity.com/ [My 5* book:"Real World Linux Security"]
> > > http://www.cavu.com/sunset.html        [Sunset Computer]
> > > Fly-By-Day Consulting, Inc.      "Don't go with a fly-by-night outfit!"
> > > Quality Linux & UNIX security and SysAdmin & software consulting since
> > > 1990.
> > >
> > > ---
> > > This message has been sent through the ALE general discussion list.
> > > See http://www.ale.org/mailing-lists.shtml for more info. Problems
> > > should be sent to listmaster at ale dot org.
> >
> > glasher at nycap.rr.com
> > You've been programmed by the Illuminati not to see the word "".
> >

