[PLUG] Firewalls

Jason Kirtland plug at lists.discorporate.us
Wed Nov 30 00:15:54 UTC 2005


fh wrote:
> Anybody using a dedicated Linux box as a firewall? [...]
> I'd love to hear the good and bad, the recommendations
> and caveats, etc.
> Also: Which package?  Hardware requirements?  Maintenance issues?

I run a LEAF Bering-uClibc firewall.  It uses shorewall for firewall 
configuration and hosts a few extra services like traffic shaping, DNS 
and OpenVPN.  LEAF is pretty easy to get running.  It can run from 
floppy, CD, hard drive, compact flash, etc., and doesn't need much RAM.

http://leaf.sourceforge.net/bering-uclibc/

I run it on a little fanless Soekris 4801 from compact flash.  It 
connects 6 network segments, including wireless, 2 DMZs and a VPN.  I 
pretty much never have to fuss with it.  It's easily the most flexible 
& yet worry-free server I've ever put together.  It replaced a 
regular-distro-on-regular-hardware firewall that was too far from 
worry-free for my taste.

I might suggest trying out a floppy install first regardless of what 
media the firewall will actually use, as the docs are geared toward 
floppies.  The rest is pretty simple once you grok the LEAF package 
setup & lifecycle.

-Jason



