Keith Lofstrom wrote:
> I intended to bring all my machines up to SL5, but that only supports
> kernels for i686 and x86_64 AFAIK. My firewall machine for my small
> network is an old P5 laptop. Other alternatives required. I want to
> stay rpm/yum based, and would like to keep the familiar Red Hat
> architecture and file layout. I would also like to have automated
> updates forever, or the best approximation possible.
>
> Three alternatives look OK so far:
>
> 1) Rebuild the SL5 kernel and glibc and a few other packages for i586,
> and exclude them from yum updates.
>
> 2) Go to a security-based small distro such as Openwall.
>
> 3) Go to a firewall distro such as Endian. GUI config and excessive
> package count disturbing, though.
>
> Any superior alternatives? I would like something as close to
> fire-and-forget as possible that will support the old laptop.
>
> Keith
>
>
> P.S. - I use an old laptop for a firewall because it is x86, but draws
> a trickle of power compared to a desktop PC. That is eco-friendly, but
> frankly the more important reasons are that it is quiet and cool, and
> it will live for a LONG time on a UPS during a power failure.
>
>
Look at Shorewall, very well maintained & documented...
http://www.shorewall.net/http://www.shorewall.net/shorewall_quickstart_guide.htmhttp://www.invoca.ch/pub/packages/shorewall/3.4/shorewall-3.4.3/
IPCop Firewall is another that is simple to maintain & designed for
home/dsl users...
http://www.ipcop.org/
LinuxGuruz Netfilter IPTABLES Firewall Page
http://www.linuxguruz.com/iptables/
LiveCD based & Halted Firewalls
http://www.livecdlist.com/?pick=All&showonly=Firewall&sort=&sm=1http://www.linuxjournal.com/article/7383http://www.samag.com/documents/s=1824/sam0201d/0201d.htm
Some hackers use OpenWRT for lightweight (lowpower) FW/VPN...
http://www.remoteroot.net/2006/06/cheap-linux-firewall-iptables-on.php
-Art@JAX