[KLUG Members] A plea for firewall ideas

[Bruce Smith]

> If you have ideas for firewall distros for  heavy use (sorry, smoothwall 
> and the like won't cut it), let me know. Doesn't matter if it's linux 
> based, or something 'appliance-like'  , I just need to have enough ideas 
> to at least drown out the OpenBSD idea. 

OK, I have to say it:   http://www.devil-linux.org/

It's "harder" than your average Linux distribution.  The entire distro
is compiled with a half-dozen harding patches, like the GCC stack
smashing protector, Libsafe, PAX, grsecurity, ET_DYN, PIE, ...

It also runs off read-only media, which makes it impossible to root. 
You can run from CDROM, or from a write-protected USB memory stick and
build a firewall without any moving parts.

Plus it comes with a ton of network services if you need them.  Many
types of VPN's, SSH for remote configuration, routing protocols, and
many basic Linux daemons.  It's also setup to run many daemons in a
chroot jail for extra security.

SMP is supported for larger scale hardware.  And there is even a rumor
of a Devil Linux developer lurking on KLUG mailing lists!  ;-)

OTOH, if you need NOTHING but firewall, routing and DHCP (no SSH access,
no VPN, no nothing), take a look at floppy-firewall (FloppyFW).

 - BS