"Rene Mayrhofer" wrote:
> I am very interested in your selection of daemons and tools that
> are needed on a firewall. Maybe we can share some ideas in this
> area.
I'll forward you some notes and maybe a tarball or two when I get a chance in the next couple of days. I'd be glad to have someone else's opinion. I don't claim to be an expert on this sort of thing, so don't laugh too hard if I've made any really dumb mistakes.

I looked over the Linux Router Project before I started on this, but I found that what I really wanted was something even simpler. My aim was to build up little single-floppy systems that are almost 'pseudo-embedded' in the sense that they have no interactive login or need for persistent storage. The kernels are tiny: no devices except the ram disk, serial, ethernet, and ppp or lp if needed. I elected to include math emulation so I don't have to worry about 'SX' machines, but the only filesystems needed are minix and proc. I elected to leave out modules entirely except where absolutely necessary (such as with ip_masq_*) in order to simplify things.

I then just started with inittab and worked my way up from there, using ldd and lsof to find the minimal set of binaries and libraries I needed to get to the point where the needed services are running. I did away entirely with the conventional startup system (to make it easier for me to understand) and condensed the whole thing down to two scripts, 'startup.sh' and 'services.sh'. I know it probably seems crazy, but I also eliminated everything having to do with shutdown, since there's nothing persistent anyway. Just cycle the power if you need to restart. 8^)

I am probably going to experiment with adding a minimal syslogd/klogd to allow real logging, either to a remote host or by mounting a hard drive partition onto /var. This will of course require IDE drive support and probably ext2, since I think minix filesystems are limited to a max of 65MB. I guess I'd have to have a real shutdown and do some tidying up beforehand as well.
The bootable disks are built by creating an image of the root filesystem you want in a directory on a real Linux box and then using a couple of scripts to pack it into an initrd.gz image and write it onto a floppy with syslinux and your chosen kernel. It's also easy to test these on your main box (hardware permitting) by just adding an entry to your lilo.conf to boot your test kernel and initrd.

My first purpose was to be able to provide single-floppy 'crash recovery' disks for remote sites, so that if they have a catastrophic failure of a critical machine like a DHCP server they can just grab a spare box, put in the floppy, and turn it on. I also wanted to produce a system small enough that I could get the whole thing in my head at once and understand exactly what happens and what pieces are needed from kernel loading through to the login prompt.
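The build flow the message describes (walk the binaries with ldd and lsof, copy them and their libraries into a root tree, pack the tree into a gzipped minix initrd, put kernel and image on a syslinux floppy) written out as an added example. This is not the author's scripts and not Linux Router Project code. It assumes a GNU/Linux host with awk, ldd, lsof, gzip, mkfs.minix, mkdosfs, loop-mount support and syslinux; the image size, the mount points, the `root=/dev/ram0` trick for keeping the initrd as the root filesystem, and the syslinux.cfg contents are all assumptions. The minix packing and floppy writing steps need root and are shown as functions but not run by default.

```shell
#!/bin/sh
# Added example (not the author's or LRP's scripts): ldd-driven root-tree
# build, minix initrd packing and syslinux floppy layout as described in
# the message. Assumes a GNU/Linux host with awk, ldd, lsof, gzip,
# mkfs.minix, mkdosfs, loop mounts and syslinux; sizes, paths and the
# boot parameters below are assumptions.
set -eu

# Extract shared-object paths from ldd(1) output on stdin. Handles
# "libc.so.6 => /lib/libc.so.6 (0x...)" and "/lib/ld-linux.so.2 (0x...)";
# vdso lines ("linux-gate.so.1 => (0x...)") and "statically linked" yield nothing.
ldd_paths() {
    awk '/=>/ { if ($3 ~ /^\//) print $3; next }
         $1 ~ /^\// { print $1 }'
}

# Copy FILE into ROOT at the same absolute path, creating parent dirs.
install_into_root() { # ROOT FILE
    mkdir -p "$1$(dirname "$2")"
    cp -p "$2" "$1$2"
}

# Copy each binary plus every library ldd reports into ROOT.
# Statically linked binaries simply bring no libraries along.
collect_binaries() { # ROOT BIN...
    root=$1; shift
    for bin in "$@"; do
        install_into_root "$root" "$bin"
        ldd "$bin" 2>/dev/null | ldd_paths | while read -r lib; do
            [ -e "$root$lib" ] || install_into_root "$root" "$lib"
        done
    done
}

# The lsof step: files a running daemon has open. Run it against each
# service's PID on a full system to catch config files and dlopen()ed
# libraries that ldd cannot see, then install_into_root those too.
open_files_of() { # PID
    lsof -n -Fn -p "$1" | sed -n 's/^n\//\//p' | sort -u
}

# Pack ROOT into a gzipped minix filesystem image (the 2.x initrd format).
# Needs root for the loop mount; SIZE_KB must leave room for the kernel
# on a 1440 KB floppy.
pack_minix_initrd() { # ROOT OUT.gz SIZE_KB
    img=$(mktemp); mnt=$(mktemp -d)
    dd if=/dev/zero of="$img" bs=1k count="$3" 2>/dev/null
    mkfs.minix "$img" >/dev/null
    mount -o loop -t minix "$img" "$mnt"
    cp -a "$1"/. "$mnt"/
    umount "$mnt"
    gzip -9 -c "$img" > "$2"
    rm -f "$img"; rmdir "$mnt"
}

# syslinux.cfg for the floppy. root=/dev/ram0 makes the kernel keep the
# initrd as the real root instead of treating it as a pre-root stage
# (assumed behaviour of the 2.2 initrd model). The same kernel, initrd
# and root= go into a lilo.conf image= stanza to test on the build box.
syslinux_cfg() { # KERNEL INITRD
    printf 'default linux\nlabel linux\n  kernel %s\n  append initrd=%s root=/dev/ram0\n' "$1" "$2"
}

# Write the floppy (requires root, destroys whatever is on the disk).
write_floppy() { # KERNEL INITRD.gz [DEV]
    dev=${3:-/dev/fd0}; mnt=$(mktemp -d)
    mkdosfs "$dev" >/dev/null        # syslinux needs an existing FAT fs
    syslinux "$dev"                  # installs ldlinux boot code
    mount -t msdos "$dev" "$mnt"
    cp "$1" "$mnt/bzimage"; cp "$2" "$mnt/initrd.gz"
    syslinux_cfg bzimage initrd.gz > "$mnt/syslinux.cfg"
    umount "$mnt"; rmdir "$mnt"
}

# Typical use (not run here; the last two steps need root):
#   collect_binaries /tmp/root /sbin/init /bin/sh /usr/sbin/dhcpd
#   pack_minix_initrd /tmp/root initrd.gz 900
#   write_floppy /boot/bzImage initrd.gz
```

Running `collect_binaries` on a full system and then diffing the resulting tree against what `open_files_of` reports for each live daemon is the quickest way to find the config files and plugins that ldd alone misses; anything still missing shows up as a boot-time error on the serial console, which is where a login-less box has to report it anyway.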

