Subj : Thoughts on firewall
To : All
From : Angus Mcleod
Date : Thu Jan 27 2005 09:53 am

Just ruminating on some thoughts for building a firewall.

To make your setup inviolate, you could boot from CD and run entirely from RAM-disk. But having the machine exist on a CD is such a pain, WRT making alterations and tweaking!

Suppose you built the machine with an HD and two options in the boot-menu. One option booted normally but with the external interface *down* so you could bring the machine up for tweaking, and save to the HD as usual, without worrying about external access. The second (and default) option would boot to a RAM-disk and run entirely from there with no access to the HD. If the machine was compromised (somehow) the boot drive could not be accessed so you could eliminate the infection with a simple reboot.

To prevent access to the HD, you build the kernel for the RAM-disk withOUT support for IDE, and withOUT support for modules. Since the booting of the kernel and copying of the /dev/initrd's contents is done by the boot loader (and not the kernel) the kernel should not then need IDE compatibility.

Would that work?

---
 ■ Synchronet ■ Linus is a regular at The ANJO BBS. No, Linus Brathwaite!
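
Added example, not part of the original post: a shell check that a kernel .config matches the RAM-disk build described above (no module loader, no IDE drivers, RAM-disk and initrd built in). The symbol lists are assumptions taken from 2.4/2.6-era Kconfig names, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit a kernel .config for the RAM-disk-only firewall build.
# Symbol names are assumed from 2.4/2.6-era Kconfig; adjust for your tree.
FORBIDDEN="CONFIG_MODULES CONFIG_IDE CONFIG_BLK_DEV_IDE CONFIG_BLK_DEV_IDEDISK"
REQUIRED="CONFIG_BLK_DEV_RAM CONFIG_BLK_DEV_INITRD"

# kconfig_value FILE SYMBOL: print the symbol's value, or "n" if unset/absent.
kconfig_value() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# audit_kconfig FILE: print each violation; return the number of violations.
audit_kconfig() {
    bad=0
    for sym in $FORBIDDEN; do
        v=$(kconfig_value "$1" "$sym")
        # =m counts as enabled too: a loadable driver is still a driver.
        [ "$v" = "n" ] || { echo "FAIL $sym=$v (must be unset)"; bad=$((bad + 1)); }
    done
    for sym in $REQUIRED; do
        v=$(kconfig_value "$1" "$sym")
        # Must be built in; with CONFIG_MODULES off, =m could never load.
        [ "$v" = "y" ] || { echo "FAIL $sym=$v (must be =y)"; bad=$((bad + 1)); }
    done
    return "$bad"
}

# Constructed sample: a general-purpose config that still reaches the disk.
sample_stock_config() {
    cat <<'EOF'
CONFIG_MODULES=y
CONFIG_IDE=y
CONFIG_BLK_DEV_IDE=y
CONFIG_BLK_DEV_IDEDISK=m
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_INITRD=y
EOF
}

# Demo: audit the constructed sample (expected to fail on four symbols).
tmp=$(mktemp)
sample_stock_config > "$tmp"
audit_kconfig "$tmp" || echo "violations: $?"
rm -f "$tmp"
```

The forbidden list covers only the IDE drivers the post names; a machine with SCSI or other disk controllers would need those driver symbols added to it.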