--On Tuesday, January 28, 2003 6:35 PM -0800 Peter Mueller <[EMAIL PROTECTED]> wrote:
> What would be the best distribution to use on a flash + 2.4.x system? I like Bering, but I am going to be setting up linux routers with BGP so I don't want to experiment with learning shorewall on these systems. Space is not an issue as I have 256-mb flash cards.

If you understand enough to create your own secure firewall using iptables, then I'm amazed that you feel the need to post on a mailing list to learn how to omit one small package (Shorewall) from a simple floppy-based Linux distribution (Bering). Nevertheless, I offer my (tongue in cheek) help:
a) Remove the shorewall package from syslinux.cfg
b) Remove shorwall.lrp from your floppy/CF/IDE image.
c) Develop your own .lrp package that is secure and easy to configure in the face of changing firewalling/gateway requirements.
c) Replace Shorewall with your own package on your floppy/CF/IDE image.
d) Add your package to syslinux.cfg.
e) Test that your package actually works with Bering; fix and repeat this step as necessary (and you will have to repeat this step with each Bering upgrade).
f) Test to ensure that your package backs up your firewall configuration when you select 'Backup' from the lrcfg menu (I'm sure you know how to make your package appear in the backup menu....)
g) Test to ensure that restoring your package restores your iptables configuration
If you think that the above two steps are trivial, browse the LEAF and Shorewall list archives.
h) Submit your package to 1000s of people on the internet over a period of 12 to 18 months to validate its flexibility, usability and security.
i) Use what you learn in that 12 to 18 month period to improve your package to make it more flexible, easier to use and more secure.
You're right -- it is so simple that I can't understand why anyone struggles "with learning shorewall on these systems"... :-)
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ [EMAIL PROTECTED]
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
