[Cialug] New Firewall

Claus cniesen at gmx.net
Thu Jan 18 08:46:38 CST 2007


I know I'm way late.  But if you are really concerned about hardware 
failure then forget about worrying of moving parts and use the carp 
feature of OpenBSD.  You basically have two firewalls running 
simultaneously in case one goes down the other takes over.

If carp is overkill I would just duplicate the hard drive and store it 
on a shelf.

And no, a 4 port firewall isn't overkill.  I have 5 port firewall for my 
home network. ;)

   Claus

On 1/5/2007 3:04 PM, Nathan C. Smith wrote:
> I was thinking the same thing about moving parts.  http://www.pfsense.org
> Although you probably have the drives in a RAID 1 config.

> -----Original Message-----
> From: Daniel A. Ramaley [mailto:daniel.ramaley at DRAKE.EDU] 
> Sent: Friday, January 05, 2007 2:53 PM
> To: Central Iowa Linux Users Group
> Subject: Re: [Cialug] New Firewall
> 
> On Friday 05 January 2007 14:24, Tom Pohl wrote:
>> Does anyone know of a set of tools that will give me what I'm looking 
>> for that will install on top of a standard distribution instead of a 
>> stand alone distribution with a purdy web interface?
> 
> I wouldn't install a firewall using anything other than OpenBSD. I'd
> probably also remove the unnecessary moving parts (read: hard drives) and
> replace them with a 1 GB IDE flash drive. Actually i'm going to be replacing
> my home firewall soon with a low-power machine running OpenBSD off of flash.
> Based on recent other experiences installing OpenBSD, a full installation
> will leave most of the 1 GB free. And it is possible to configure the
> filesystem to be read-only so you don't have to worry about power outages,
> at least not beyond the usual spikes and such that a high-quality surge
> protector can filter out.


More information about the Cialug mailing list