Re: [leaf-user] distribution for flash + 2.4.20 + iptables (no shorewall)
Peter At 18:35 28.01.2003 -0800, you wrote: Hi gang, What would be the best distribution to use on a flash + 2.4.x system? I like Bering, but I am going to be setting up linux routers with BGP so I don't want to experiment with learning shorewall on these systems. Space is not an issue as I have 256-mb flash cards. I don't believe the flash issue is related to what you want to use your router for. Thanks much for your time, Peter PS - is there a way to turn off Shorewall or run my own iptables rules in Bering? That would be fine. Just take shorewall off the package list in syslinus.conf or/and lrpkg.conf. You will be responsible to set up your own routing/firewalling scheme then. HTH Erich THINK Püntenstrasse 39 8143 Stallikon mailto:[EMAIL PROTECTED] PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16 --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
RE: [leaf-user] distribution for flash + 2.4.20 + iptables (no shorewall)
Hi Tom list, If you understand enough to create your own secure firewall using iptables, then I'm amazed that you feel the need to post on a mailing list to learn how to omit one small package (Shorewall) from a simple floppy-based Linux distribution (Bering). Nevertheless, I offer my (tongue in cheek) help: I read somewhere that Shorewall was not capable of being removed from Bering. Unfortunately I couldn't locate this post in a quick few minutes. I checked the Bering documentation and didn't find a reference, therefore I'm pretty sure this was found through Google (archive of this mailing list?). I hope knowing what was on my mind re:shorewall package you understand where I was coming from a little more. a) Remove the shorewall package from syslinux.cfg b) Remove shorwall.lrp from your floppy/CF/IDE image. c) Develop your own .lrp package that is secure and easy to configure in the face of changing firewalling/gateway requirements. I am thinking of using an lrp located at http://leaf.sourceforge.net/devel/jnilo/bering/latest/contrib/; the iptables save restore functionality. Does anyone know if this lrp provides an init.d startup of old iptables rules? If it doesn't I would imagine I'll have to create a seperate iptstart.lrp or something similar. If you think that the above two steps are trivial, browse the LEAF and Shorewall list archives. I am in process of creating/submitting a package that provides VRRP functionality for LRP called Keepalived (http://www.keepalived.org/), so yes I know lrp's aren't easy. I'm sure Shorewall is great for most people, but I'm looking for something to use in BGP linux routers booting off of CF-IDE/flash media. h) Submit your package to 1000s of people on the internet over a period of 12 to 18 months to validate its flexibility, usability and security. i) Use what you learn in that 12 to 18 month period to improve your package to make it more flexible, easier to use and more secure. I'll submit what I have when I have completed it. If people find it useful and have suggestions I'll try to help in whatever way I can. It would be nice to have such fame that 1000's of people would download it but I bet the only one that downloads it is me and a few other linux flash router people. ;) You're right -- it is so simple that I can't understand why anyone struggles with learning shorewall on these systems... :-) Lol. Well it is very important for my company to use existing setups concepts where possible. I looked at Shorewall and it doesn't seem to offer any significant advantage for my company other than being pre-integrated into LRP. Why should I learn a new firewall system if we already have iptables working and under the belt? More importantly why should I create documentation for the rest of the people here and then force them to learn this system? It seems that in my case Shorewall is a program that introduces a very good potential for human error and adds complexity to a project that doesn't need more complexity. In this project KISS is my motto. Again, we're talking about in my case only. I'm sure 99.% of the people are different and Shorewall is good for them. Thank you very much for your response time! Peter --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
[leaf-user] distribution for flash + 2.4.20 + iptables (no shorewall)
On Tue, 28 Jan 2003 20:16:13 -0800 [EMAIL PROTECTED] wrote: Message: 3 From: Peter Mueller [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Date: Tue, 28 Jan 2003 18:35:03 -0800 Subject: [leaf-user] distribution for flash + 2.4.20 + iptables (no shorewall) Hi gang, What would be the best distribution to use on a flash + 2.4.x system? I like Bering, but I am going to be setting up linux routers with BGP so I don't want to experiment with learning shorewall on these systems. Space is not an issue as I have 256-mb flash cards. I have a make-driven system to customize the Bering floppies for a bootable cf image. It is not quite ready for prime-time, but email me off list if you are interested and I will send it to get you started. -- --- Chad Carr [EMAIL PROTECTED] --- msg12605/pgp0.pgp Description: PGP signature
[leaf-user] distribution for flash + 2.4.20 + iptables (no shorewall)
Hi gang, What would be the best distribution to use on a flash + 2.4.x system? I like Bering, but I am going to be setting up linux routers with BGP so I don't want to experiment with learning shorewall on these systems. Space is not an issue as I have 256-mb flash cards. Thanks much for your time, Peter PS - is there a way to turn off Shorewall or run my own iptables rules in Bering? That would be fine. --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] distribution for flash + 2.4.20 + iptables (no shorewall)
Hello Peter, I have been looking for a similar answer but have yet to find a good solution because I want to add a JVM to my flash based linux. I think the best bet might be LFS (Linux From Scratch) --- Peter Mueller [EMAIL PROTECTED] wrote: Hi gang, What would be the best distribution to use on a flash + 2.4.x system? I like Bering, but I am going to be setting up linux routers with BGP so I don't want to experiment with learning shorewall on these systems. Space is not an issue as I have 256-mb flash cards. Thanks much for your time, Peter PS - is there a way to turn off Shorewall or run my own iptables rules in Bering? That would be fine. --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] distribution for flash + 2.4.20 + iptables (no shorewall)
--- Peter Mueller [EMAIL PROTECTED] wrote: Hi gang, What would be the best distribution to use on a flash + 2.4.x system? Bering and WISP-dist are the only 2.4.x kernel LEAF variants. WISP is primarily for wireless and is a CF/IDE image. Bering will do about anything you set it up to do. like Bering, but I am going to be setting up linux routers with BGP so I don't want to experiment with learning shorewall on these systems. Space is not an issue as I have 256-mb flash cards. Just remove the Shorewall package. PS - is there a way to turn off Shorewall or run my own iptables rules in Bering? That would be fine. Yep, remove the shorewall package from syslinux.cfg on your actual disk. You may need to backup etc.lrp or root.lrp to save your firewall rules. -- ~Lynn Avants Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html