Hi all I was told that not everybody who is interested in firewalling with Debian is subscribed to debian-firewall. Therefore I would like to introduce my Debian-based firewall distribution 'Gibraltar'. It boots from a live CD-ROM and therefore does not have to be installed on a harddisk, although the use of a harddisk for permanently storing log-files is recommended. The system itself runs completely from the single CD-ROM, only the config files (and possibly log files) are stored in a ramdisk. You can get get a (brief) description of Gibraltar as well as ISO images under http://www.gibraltar.at
I am working on a new version of Gibraltar that should be based on kernel 2.4.x. This should make stateful firewalling easier and firewalls quite a bit more secure. Since Gibraltar already uses devfs, it should work without any major problems with kernel 2.4.x. The only obstacle that is stopping me from switching immediately seems to be the lack of IP masquerading modules. Does anybody know when they will be ported to the netfilter framework ? Do I have to expect any other network-related problems with kernel 2.4.x at this stage (did anybody try 2.4.x on a heavy-duty router/firewall ? I only use it on my development system) ? I invite everybody to test the first 2.4.x-based Gibraltar version when it is ready (although I can not make any promises when this will be....). PS: I am currently not subscribed to debian-devel. best greets, Rene