[ale] best dist for firewall?

jb at sourceillustrated.com jb at sourceillustrated.com
Fri May 3 15:59:38 EDT 2002


Check out sentry firewall (www.sentryfirewall.com).  It mounts the operating
system from a cd and then your firewall config, etc. from a floppy.

John


> I'm intrigued by the idea of using removable media to store a firewall
> configuration.... would it be possible to mount a machine's /etc
> directory  from a floppy, or is /etc required on the root filesystem?
>
> Tyler
>
> On Friday 03 May 2002 02:58 pm, cfowler wrote:
>> A firewall is a firewall.
>>
>> It is not:
>>
>> A Mail Server
>> A Web Server
>> A Shell Server
>> A Etc. Server
>>
>> It is a firewall
>>
>> Maybe a very tight shell to configure the rules.  But if you do
>> it right you can create a firewall on floppy that would
>> require mounting on a client machine to configure then booting up on.
>> Now that is a firewall!
>>
>> On Fri, 2002-05-03 at 14:28, Glenn C. Lasher Jr. wrote:
>> > I will second this.  Slackware 8.0 is exactly the right distro for a
>> > firewall.  Not only does it not suffer the operational and security
>> > issues of RH, but it also even lets you pick --at install time--
>> > what version of kernel you want to run, and, if you pick 2.4.x, will
>> > let you set up ReiserFS before installing.  We 'ave one.  Ees ver'
>> > nayze.
>> >
>> > On Thu, 2 May 2002, Transam wrote:
>> > > > I'm setting up a firewall on a 120mhz, 16meg machine.  I'd like
>> > > > to run iptables, snort/acid and a mysql db to store the snort
>> > > > info.
>> > > >
>> > > > Any recommended distros?  It'd be nice to get something minimal
>> > > > (possibly tightened) but with the 2.4 kernel (for the stateful
>> > > > firewalling capabilities).  I considered Slackware or Debian and
>> > > > then upgrading the kernel, but the thought of compiling on a
>> > > > 120mhz machine is not a happy one.  Considering Peanut as well,
>> > > > but it seems to be heavily configured for the desktop.  I guess
>> > > > it's a last resort.
>> > >
>> > > Slackware 8.0!  I've found Slackware FAR less buggy (both in
>> > > security bugs and in annoying operational bugs) than either Red
>> > > Hat or Mandrake and far easier to install.  It also requires FAR
>> > > less security patches and thus yields a lower-maintenance system.
>> > > Some of this is due, I think, to their interest in the best
>> > > distribution rather than the most money and easiest and most toys
>> > > (sound familiar).  Some of it is due to less "stuff" on it.
>> > > However, you certainly do NOT want a lot of extra junk on a
>> > > Firewall.
>> > >
>> > > Sheesh.  RH7.1 did not even ship with a working IP Tables.  I had
>> > > to download a working kernel and configure and compile it.
>> > >
>> > > I run Slackware on my Laptop and love it.  I use Red Hat on my
>> > > desktop only because it is the most popular distribution with my
>> > > clients and the friend who built my desktop put it on and I was
>> > > too lazy to install Slackware over it.  (Installing Red Hat over a
>> > > running Slackware system would have been just as much work and
>> > > certainly greater than zero.)
>> > >
>> > > Any Set-UID or Set-GID program is a security risk.  When I build a
>> > > Firewall I turn all of that stuff off.  X always is first on my
>> > > list and GPM is second!
>> > >
>> > > > Thanks as always,
>> > > >
>> > > > John
>> > >
>> > > Bob Toxen
>> > > transam at cavu.com                       [Bob's ALE Bulk email]
>> > > bob at verysecurelinux.com                [Please use for email to me]
>> > > http://www.verysecurelinux.com            [Network&Linux/Unix security consulting]
>> > > http://www.realworldlinuxsecurity.com/    [My 5* book:"Real World Linux Security"]
>> > > http://www.cavu.com/sunset.html           [Sunset Computer]
>> > > Fly-By-Day Consulting, Inc.      "Don't go with a fly-by-night outfit!"
>> > > Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
>> > >
>> > > ---
>> > > This message has been sent through the ALE general discussion
>> > > list. See http://www.ale.org/mailing-lists.shtml for more info.
>> > > Problems should be sent to listmaster at ale dot org.
>> >
>> > glasher at nycap.rr.com
>> > You've been programmed by the Illuminati not to see the word "".



