netfilter firewalling problems and solutions

Jason jason at
Tue Feb 24 11:43:57 PST 2004

I have made a firewall for myself using this exact approach. I have a 10
meg initrd that loads and everything runs out of that, then I have a
script that detects my USB thumbdrives, mounts them and stores all my
config info in that. It's actually a project that I have been working on
for some time (firewall on a live cd with persistant storage possible via
thumbdrive or an IDE device, web based gui and cdrw support so when you
are happy with your config you can just burn it to a cd and not have to
worry about storage anymore) and I would be more then happy to share what
I have if anyone is interested. Just be aware that it is something that I
have been trying to do in my spare time with the intent of releasing, but
in it's current form, it's a collection of dirty hacks.

It gimme the jibblies

On Tue, 24 Feb 2004, Bennett Todd wrote:

> 2004-02-24T09:47:04 Ian Molton:
> > On Tue, 24 Feb 2004 09:21:36 -0500
> > Bennett Todd <bet at> wrote:
> > > If you've got enough RAM to spare, you can run entirely off an
> > > initrd, and have it use hdparm to spin down the hard drive once it's
> > > loaded.
> >
> > I dont see why an initrd is needed.
> It's not; your approach can work. I think an initrd is simpler; once
> it's loaded and running, nothing is referencing the hard drive. But
> if you can hunt down each and everything that ever tries to write to
> the hard drive, or read stuff from it sufficiently intermittently to
> dodge the buffer cache (e.g. rarely-consulted config files), then
> your approach can work too.
> -Bennett

More information about the hlfs-dev mailing list