Bootable CD w/OS for firewall

[lug at the-leveys.us (Don Levey)]

Eric wrote:
> --- Bob George <mailings02 at ttlexceeded.com> wrote:
>
>> miah wrote:
>>
>>> doesnt smoothwall do all this already?
>>
>> It certainly does the lightweight firewall portion. After a quick
>> skim of the website, I'm not under the impression it's
>> meant as "run from CD".
>
> Hi.  I am currently using smoothwall and it's very
> easy to configure and a real pleasure to use.  Last
> night I was trying to get my buddies crappy dell
> wireless router to work.  2 hours and all I could get
> was the wireless part to work but not the ethernet.  I
> almost lost my mind.  I have also owned linksys
> products and like them for what they are.  So ah, why
> do you want to run off a cd?  Is the security
> advantage that great?  (I have not tried using
> smoothwall this way and I'm not sure if you can.)
> Good Luck!
>
There are a couple of reasons:
The files are constant, read-only.  No-one can make changes to the firewall
rules, slip in trojans, backdoors, or substitutes for the 'ls' command,
enable a mail server and start sending spam, etc.  A quick reboot will solve
all of that - the same files come up again, just as I burned them.  Keeping
a hard disk around for logs means that, well, I can keep logs of any
activity.  Very useful; that's why we havethem.

Others have already mentioned why I might need to burn a new CD: a fix for a
new vulnerability, someone compromises a key or password.  I could also burn
a new CD if I need to update the firewall rules themselves; for example, to
more securely block off an IP that's trying to do me harm...

 -Don