
BLU Discuss list archive



Linux router software recommendation?



On Sun, 11 Sep 2005, Tom Metro wrote:

> Robert La Ferla wrote:
>> I need to set up a (free/open source) NAT firewall and am looking for 
>> recommendations. 
> ...
>> I think it would be better to just install a dedicated Linux system for
>> a router than a generic Linux distro w/iptables.
>
> Yes, particularly a floppy or CD-ROM-based distribution, so you can eliminate 
> the hard drive and have a hardware enforced, read-only file system. Then if 
> you ever suspect a breach, you can just reboot.

I recall a talk a few years back about setting up a halted firewall; the 
idea was you'd set up iptables the way you wanted it, then you'd halt the 
machine but leave the network card enabled and the machine powered on. It 
involved modifying the network script in /etc/init.d so it wouldn't disable 
the network interfaces when halting the system.

The idea was that enough of the kernel would still be running to handle 
the iptables rules, but there would be no OS underneath for anyone to try 
to break into.

I don't know if it ever went beyond a proof-of-concept demo; I haven't 
actually heard anything about it since the initial talk.





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
