Sentry CD - A different firewall approach
If you want to set up a Linux-based firewall, there’s no need to run a bloated distribution that installs everything but the kitchen sink. If you are not afraid to get your hands dirty, and like having total control over your system, then Sentry Firewall CD (SFCD) is just what you need. It is a highly configurable, bootable CD that takes a minimalist approach to firewalling.
The hardware requirements for SFCD are minimal: a 486 or better processor, a BIOS that can boot from a CD-ROM, and a minimum of 32MB RAM, with 64MB recommended if you plan to run a firewall/router/DNS server. If your box meets those stringent requirements, head over to the SFCD Web site, download the latest ISO image, and burn the ISO file to a CD.
With SFCD, you have the option of using your own custom configuration files, including files common to all Linux systems (like resolv.conf and hostname) as well as SFCD’s init scripts. If the concept of custom init scripts scares you, relax. SFCD is based on Slackware, a distribution known for the simplicity of its init scripts.
The key to setting up SFCD is the file sentry.conf. SFCD reads sentry.conf to learn where the custom configuration files are located. For a complete list of files that you can customize, take a look at the sample sentry.conf included on the CD in the directory SENTRY/scripts/cd-config. It may be a good idea to check out this file even before burning the CD. To do so, mount the ISO image, substituting the path to the ISO file and an empty mount point directory, with:
mount -o loop -t iso9660 <iso-file> <mount-point>
Creating a customized configuration diskette is the easiest way to quickly set up your own configuration files. Customizing these files is not as difficult as it might appear. There are two ways to easily create your own diskette. The first is to use the sample diskette image included on the CD. You can copy this image to a floppy after booting the CD or mounting the ISO image with:
dd if=SENTRY/images/ext2-144.img of=/dev/fd0
You can then modify the contents of the diskette to suit your environment.
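Before running dd against a real device, it is worth confirming that the file is what you expect. The script below is an added example, not part of SFCD or the original article: it assumes, from the name ext2-144.img, that the sample image is a 1.44 MB ext2 filesystem, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a config diskette image before writing it out.
# Assumption: the image is a 1.44 MB ext2 filesystem (inferred from its name).

FLOPPY_BYTES=1474560   # 80 tracks * 2 heads * 18 sectors * 512 bytes

# Print the two bytes at offset 1080 as hex. The ext2 superblock starts at
# byte 1024 and its s_magic field sits 56 bytes into it.
ext2_magic() {
    dd if="$1" bs=1 skip=1080 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Return 0 only if the file looks like a 1.44 MB ext2 image.
check_floppy_image() {
    img=$1
    [ -f "$img" ] || { echo "not a regular file: $img" >&2; return 1; }
    size=$(wc -c < "$img" | tr -d ' ')
    [ "$size" -eq "$FLOPPY_BYTES" ] || { echo "unexpected size: $size" >&2; return 1; }
    # The magic 0xEF53 is stored little-endian, so the bytes on disk are 53 ef.
    [ "$(ext2_magic "$img")" = "53ef" ] || { echo "no ext2 magic in $img" >&2; return 1; }
    return 0
}

# Write the image only after it passes the check. The target is an explicit
# argument so a mistyped device name is never a built-in default.
write_floppy() {
    check_floppy_image "$1" || return 1
    dd if="$1" of="$2" bs=512 && sync
}

# Usage, run as root from the mounted CD or ISO:
#   write_floppy SENTRY/images/ext2-144.img /dev/fd0
```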
