[KLUG Members] A plea for firewall ideas
Bruce Smith
bruce at armintl.com
Tue Aug 31 09:01:31 EDT 2004
> > OK, I have to say it: http://www.devil-linux.org/
> > It also runs off read-only media, which makes it impossible to root.
> > You can run from CDROM, or from a write-protected USB memory stick and
> > build a firewall without any moving parts.
>
> Although I've never used Devil Linux, I have it on very good authority [
> :) ] that is is an excellent choice. The no-moving-parts aspect is very
> nice.
It also makes a great server for simple tasks.
Both of my company's DNS servers run BIND on Devil-Linux in a chroot
jail (configured chroot by default). The secondary DNS server is
running on a P5-100, the primary was running on a P5-166 until it's
power supply died and I upgraded it to a P2-300. Here's the secondary:
root at dns2:~ # uptime
7:38am up 315 days 21:54, 1 user, load average: 0.00, 0.00, 0.00
root at dns2:~ # cat /proc/cpuinfo
vendor_id : GenuineIntel
cpu MHz : 99.476
...
root at dns2:~ # free
total used free shared buffers cached
Mem: 77492 31308 46184 0 1000 14928
-/+ buffers/cache: 15380 62112
Swap: 0 0 0
OK, the installed memory is overkill. :-)
Also the following web servers are running Devil-Linux with Apache/PHP:
http://people.armintl.com/ and http://www.reddog.org/
And my company's Squid server is also running Devil-Linux on a 1.8G P4
and SCSI hard drives for the cache:
root at proxy:~ # uptime
8:52am up 301 days 21:50, 1 user, load average: 0.21, 0.05, 0.01
> > And there is even a rumor of a Devil Linux developer lurking on KLUG
> > mailing lists! ;-)
>
> Does he know if it has an administrative interface yet?
Only enough to do the basics and get you up and running.
After that, some Linux expertise is needed.
Although I have heard of people using products like fwbuilder
to manage DL, but I've never tried it and don't know the details.
> And does it support remote logging?
Absolutely! It comes with your choice of syslog or syslog-ng.
- BS
More information about the Members
mailing list