On January 20, 2004 01:34 pm, Ian Truelsen wrote:
> I have been thinking about having my firewall box boot and run from a CD
> so that there are no writable filesystems and there should be no need to
> even have a HD. Can this be done with Gentoo or do I have to look at one
> of the smaller distros? Also, does this seem like a good idea?
a while back i modified an old gentoo 1.2 install cd to do just that. and yes, it's considerably more secure (i.e. even if a rootkit gets installed, a reboot reverts everything back to normal).

the biggest problem i ran into though was software upgrades etc. if a new version of iptables came out, or (gods forbid) a new kernel, upgrading had to take place on another machine in a chroot and then re-burned.

...and then my box started spontaneously kernel-panicking. i now have a normal computer for a router. ymmv

--
those who desire to give up freedom in order to gain security, will not have, nor do they deserve, either one. - benjamin franklin
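The whole point of the CD-booted firewall discussed above is that nothing persistent is writable, so a rootkit cannot survive a reboot. That property is easy to lose by accident (a leftover disk partition mounted rw for logs, for instance), so it is worth checking on the running box. The following POSIX shell script is an added example, not code from either poster: it parses /proc/mounts-style lines, skips memory-backed and read-only-media filesystem types, and reports any remaining mount that is writable. The list of "volatile" filesystem types and the sample mount table are constructed assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the original thread: audit a CD-booted firewall's
# mount table and report any writable, persistent filesystem. On a box that
# is supposed to run entirely from CD, the expected result is an empty list.

# Filesystem types that are memory-backed or read-only media and therefore do
# not survive a reboot (or cannot be written at all). This list is an
# assumption for the example; anything else that is mounted rw is a place a
# rootkit could persist across reboots.
VOLATILE_FSTYPES='tmpfs ramfs devtmpfs proc sysfs devpts iso9660 squashfs'

# writable_persistent_mounts: reads /proc/mounts-style lines from stdin
# ("device mountpoint fstype options dump pass") and prints one line per
# mount that is writable and on a persistent filesystem type.
writable_persistent_mounts() {
    while read -r dev mnt fstype opts _rest; do
        [ -z "$mnt" ] && continue
        # skip volatile / read-only-media types
        skip=0
        for t in $VOLATILE_FSTYPES; do
            [ "$fstype" = "$t" ] && skip=1
        done
        [ "$skip" -eq 1 ] && continue
        # the option list contains "rw" or "ro" as one comma-separated entry
        case ",$opts," in
            *,rw,*) printf '%s %s %s\n' "$dev" "$mnt" "$fstype" ;;
        esac
    done
}

# audit_live_mounts: run the check against the real mount table and return
# non-zero (like a failing test) if anything persistent is writable.
audit_live_mounts() {
    found=$(writable_persistent_mounts < /proc/mounts)
    if [ -n "$found" ]; then
        echo "WRITABLE PERSISTENT MOUNTS:" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample mount table (not captured from a real machine):
# a CD root, proc, a tmpfs, a forgotten ext3 partition mounted rw for logs,
# and an ext3 partition mounted read-only.
SAMPLE_MOUNTS='/dev/hdc / iso9660 ro,relatime 0 0
proc /proc proc rw,nosuid 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/hda1 /var/log ext3 rw,relatime,data=ordered 0 0
/dev/hda2 /mnt/backup ext3 ro,relatime 0 0'

# Demonstration: the only line reported should be /var/log on /dev/hda1.
printf '%s\n' "$SAMPLE_MOUNTS" | writable_persistent_mounts
```

Running `audit_live_mounts` from a cron job or at the end of the boot sequence gives a cheap check that the "nothing persists" assumption still holds; on a correctly built CD-only firewall it should print nothing and return 0.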
