From: Nathan Mace
To: freebsd-chat@freebsd.org
Subject: a CDROM based firewall
Date: Tue, 15 Jan 2002 00:06:41 -0500
Message-Id: <200201150509.AAA07250@uce55.uchaswv.edu>

what do you guys think of a "free" style licenced BSD based firewall on a bootable CDROM? i know that suse linux provides this as a linux based product but it is commercial, and i'm not sure how popular it is or how well it works.

i was thinking that i could make an ISO image that, when burned to a CDROM and booted, would copy itself to memory and then run from there. you could set up a ram drive to be the /tmp directory, and optionally you could have a hard drive to hold the log files. that way if it ever got cracked, all you'd have to do is reboot it to be back to a known good state. since the CDROM is read-only there is nothing the cracker could hurt except the logs, which could be set up to be emailed to you via cron.

i've talked to some people i know about this idea, and someone pointed out that you'd have to burn a CDR every time you wanted to permanently change the firewall rules, but what would be wrong with linking the firewall conf (rules) file to a file on the floppy drive? you could edit it on a different computer, and then set the floppy disk to be physically read-only. mount the disk and restart the firewall daemon, causing it to re-read the new file.

anyone see any serious problems with this? anyone know if there are any projects like this already out there?

thanks