Linux router software recommendation?

John Abreau jabr at blu.org
Mon Sep 12 11:18:03 EDT 2005


On Sun, 11 Sep 2005, Tom Metro wrote:

> Robert La Ferla wrote:
>> I need to set up a (free/open source) NAT firewall and am looking for 
>> recommendations. 
> ...
>> I think it would be better to just install a dedicated Linux system for
>> a router than a generic Linux distro w/iptables.
>
> Yes, particularly a floppy or CD-ROM-based distribution, so you can eliminate 
> the hard drive and have a hardware enforced, read-only file system. Then if 
> you ever suspect a breach, you can just reboot.

I recall a talk a few years back about setting up a halted firewall; the 
idea was you'd set up iptables the way you wanted it, then you'd halt the 
machine but leave the network card enabled and the machine powered on. It 
involved modifying the network script in /etc/init.d so it wouldn't disable 
the network interfaces when halting the system.

The idea was that enough of the kernel would still be running to handle 
the iptables rules, but there would be no OS underneath for anyone to try 
to break into.

I don't know if it ever went beyond a proof-of-concept demo; I haven't 
actually heard anything about it since the initial talk.



