On Sun, 11 Sep 2005, Tom Metro wrote:

> Robert La Ferla wrote:
>> I need to set up a (free/open source) NAT firewall and am looking for
>> recommendations.
> ...
>> I think it would be better to just install a dedicated Linux system for
>> a router than a generic Linux distro w/iptables.
>
> Yes, particularly a floppy or CD-ROM-based distribution, so you can eliminate
> the hard drive and have a hardware enforced, read-only file system. Then if
> you ever suspect a breach, you can just reboot.

I recall a talk a few years back about setting up a halted firewall; the idea was you'd set up iptables the way you wanted it, then you'd halt the machine but leave the network card enabled and the machine powered on. It involved modifying the network script in /etc/init.d so it wouldn't disable the network interfaces when halting the system. The idea was that enough of the kernel would still be running to handle the iptables rules, but there would be no OS underneath for anyone to try to break into. I don't know if it ever went beyond a proof-of-concept demo; I haven't actually heard anything about it since the initial talk.
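The question at the top of the quoted thread was how to set up an iptables NAT firewall on a dedicated Linux box. The following script is an added example, not code from the thread or from any of its participants. It assumes eth0 is the upstream (WAN) interface, eth1 the inside (LAN) interface and 192.168.1.0/24 the private network; all three are placeholders to edit. It builds a default-deny ruleset with masquerading and, unless APPLY=1 is set and it is run as root, only prints the commands so the ruleset can be reviewed before it is loaded.

```shell
#!/bin/sh
# Added example (not from the thread): minimal iptables NAT firewall for a
# dedicated two-interface Linux router.  Interface names and the LAN prefix
# below are assumptions, override them in the environment.
WAN="${WAN:-eth0}"                     # assumed Internet-facing interface
LAN="${LAN:-eth1}"                     # assumed inside interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed RFC 1918 LAN prefix

# Emit the iptables commands, one per line, in the order they must run.
# Policy: nothing is forwarded or accepted from the WAN unless it belongs
# to a connection the LAN initiated; LAN-sourced packets arriving on the
# WAN side are treated as spoofed and dropped before anything else.
nat_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $wan -s $lan_net -j DROP
iptables -A FORWARD -i $wan -s $lan_net -j DROP
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $lan -s $lan_net -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
EOF
}

# Number of commands in the generated ruleset (handy for a sanity check).
rule_count() {
    nat_rules "$1" "$2" "$3" | wc -l | tr -d ' '
}

# With APPLY=1 (as root) enable forwarding and load the rules, stopping at
# the first command that fails; otherwise just print them for review.
apply_rules() {
    if [ "${APPLY:-0}" = "1" ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
        nat_rules "$WAN" "$LAN" "$LAN_NET" | sh -e
    else
        nat_rules "$WAN" "$LAN" "$LAN_NET"
    fi
}

apply_rules
```

The dry-run default is deliberate: on a box that is meant to become a read-only or halted firewall, you want to see the exact rule order once before committing it to the kernel, because a rule placed after the ESTABLISHED,RELATED accept behaves differently from one placed before it.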