Rolling your own firewall

Wednesday, 9 April 2003, 1:43 PM EST

I've been hearing a lot of talk lately about firewall appliances and how much of a pain they can be to use. Many of them tend to be Windows-specific in various ways, or they don't have all the flexibility us Penguin-heads have come to know and love with iptables. So, I decided to see exactly how much pain is involved in rolling your own firewall.

A visit to the scrap closet netted me a beautiful little machine: a Dell 486D/50, with 16MB of RAM, an 854MB Western Digital hard drive, a floppy and a 3Com 3C509 NIC. Add to that a Viking V.90 external modem, a second-hand 14" monitor and a keyboard to do the install with (the sticker on the monitor says $29.95), and we're ready to rip.

With all that hard drive space sitting there (you, in the back, stop snickering), I thought I'd go for something a little more powerful than your average floppy-based distribution. Indeed, I fired up LEAF for a few minutes, but realized I wanted a bit more. I had been looking at Pebble, a Debian-based mid-sized distribution, for a while, and it looked perfect for the job. Pebble is designed to run on a 128MB Compact Flash chip, but it works easily with other devices, including CD-ROM. It mounts root read-only and keeps the log files and other writables on a 10MB RAM disk; you can pull the plug on the box and lose only the logs. Pebble also is ext3-based, so if you lose something while tweaking the box, you don't have to fsck, which can be slow and painful on a 486.

[ Read more ]




Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //