[ale] best dist for firewall?
    Chris Fowler 
    cfowler at outpostsentinel.com
       
    Fri May  3 20:13:10 EDT 2002
    
    
  
Actually this might be a fun little project that can be
cranked out in a day.  If I can ever fully figure out
iptables I might just create this tiny beast.
strtok() and ioctl() are your friends!
Chris
-----Original Message-----
From: Chris Fowler [mailto:cfowler at outpostsentinel.com]
To: ale at ale.org
Sent: Friday, May 03, 2002 8:09 PM
To: Tyler Kiley; jb at sourceillustrated.com
Cc: ale at ale.org
Subject: RE: [ale] best dist for firewall?
You actually do not need any of it.
Here is what you do:
1) replace /sbin/init with your own thing
2) place a file in / that has the firewall settings and IP address settings
3) You are done.
Look on freshmeat for dietc to compile a static binary really, really small.
Chris
-----Original Message-----
From: Tyler Kiley [mailto:tyler at kianta.com]
To: ale at ale.org
Sent: Friday, May 03, 2002 10:05 PM
To: jb at sourceillustrated.com
Cc: ale at ale.org
Subject: Re: [ale] best dist for firewall?
Ya, but I was thinking you need /etc/fstab to know what device to mount at
/etc.....
Tyler
On Friday 03 May 2002 03:57 pm, jb at sourceillustrated.com wrote:
> Technically, you can mount *anything* from a floppy...
>
> > I'm intrigued by the idea of using removable media to store a firewall
> > configuration.... would it be possible to mount a machine's /etc
> > directory  from a floppy, or is /etc required on the root filesystem?
> >
> > Tyler
> >
> > On Friday 03 May 2002 02:58 pm, cfowler wrote:
> >> A firewall is a firewall.
> >>
> >> It is not:
> >>
> >> A Mail Server
> >> A Web Server
> >> A Shell Server
> >> A Etc. Server
> >>
> >> It is a firewall
> >>
> >> Maybe a very tight shell to configure the rules.  But if you do
> >> it right you can create a firewall on floppy that would
> >> require mounting on a client machine to configure then booting up on.
> >> Now that is a firewall!
> >>
> >> On Fri, 2002-05-03 at 14:28, Glenn C. Lasher Jr. wrote:
> >> > I will second this.  Slackware 8.0 is exactly the right distro for a
> >> > firewall.  Not only does it not suffer the operational and security
> >> > issues of RH, but it also even lets you pick --at install time--
> >> > what version of kernel you want to run, and, if you pick 2.4.x, will
> >> > let you set up ReiserFS before installing.  We 'ave one.  Ees ver'
> >> > nayze.
> >> >
> >> > On Thu, 2 May 2002, Transam wrote:
> >> > > > I'm setting up a firewall on a 120mhz, 16meg machine.  I'd like
> >> > > > to run iptables, snort/acid and a mysql db to store the snort
> >> > > > info.
> >> > > >
> >> > > > Any recommended distros?  It'd be nice to get something minimal
> >> > > > (possibly tightened) but with the 2.4 kernel (for the stateful
> >> > > > firewalling capabilities).  I considered Slackware or Debian and
> >> > > > then upgrading the kernel, but the thought of compiling on a
> >> > > > 120mhz machine is not a happy one.  Considering Peanut as well,
> >> > > > but it seems to be heavily configured for the desktop.  I guess
> >> > > > it's a last resort.
> >> > >
> >> > > Slackware 8.0!  I've found Slackware FAR less buggy (both in
> >> > > security bugs and in annoying operational bugs) than either Red
> >> > > Hat or Mandrake and far easier to install.  It also requires FAR
> >> > > less security patches and thus yields a lower-maintenance system.
> >> > > Some of this is due, I think, to their interest in the best
> >> > > distribution rather than the most money and easiest and most toys
> >> > > (sound familiar).  Some of it is due to less "stuff" on it.
> >> > > However, you certainly do NOT want a lot of extra junk on a
> >> > > Firewall.
> >> > >
> >> > > Sheesh.  RH7.1 did not even ship with a working IP Tables.  I had
> >> > > to download a working kernel and configure and compile it.
> >> > >
> >> > > I run Slackware on my Laptop and love it.  I use Red Hat on my
> >> > > desktop only because it is the most popular distribution with my
> >> > > clients and the friend who built my desktop put it on and I was
> >> > > too lazy to install Slackware over it.  (Installing Red Hat over a
> >> > > running Slackware system would have been just as much work and
> >> > > certainly greater than zero.)
> >> > >
> >> > > Any Set-UID or Set-GID program is a security risk.  When I build a
> >> > > Firewall I turn all of that stuff off.  X always is first on my
> >> > > list and GPM is second!
> >> > >
> >> > > > Thanks as always,
> >> > > >
> >> > > > John
> >> > >
> >> > > Bob Toxen
> >> > > transam at cavu.com                       [Bob's ALE Bulk email]
> >> > > bob at verysecurelinux.com                [Please use for email to me]
> >> > > http://www.verysecurelinux.com         [Network&Linux/Unix security consulting]
> >> > > http://www.realworldlinuxsecurity.com/ [My 5* book:"Real World Linux Security"]
> >> > > http://www.cavu.com/sunset.html        [Sunset Computer]
> >> > > Fly-By-Day Consulting, Inc.      "Don't go with a fly-by-night outfit!"
> >> > > Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
> >> > >
> >> > > ---
> >> > > This message has been sent through the ALE general discussion
> >> > > list. See http://www.ale.org/mailing-lists.shtml for more info.
> >> > > Problems should be sent to listmaster at ale dot org.
> >> >
> >> > glasher at nycap.rr.com
> >> > You've been programmed by the Illuminati not to see the word "".
> >> >
> >> >
> >>
>
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
    
    