>>>>> "JJT" == John Joseph Trammell <trammell at trammell.dyndns.org> writes:

JJT> On Wed, Feb 21, 2001 at 08:13:29AM -0800, Scott Dagastino
JJT> wrote:
>> Since the price of computer equipment (MB, HD, etc.) is so
>> inexpensive, I personally would never run Linux off of a CD.
>> You are limited to not being able to configure the files like
>> httpd and the log files or .bash_profile.
>>
>> That is too limiting for any real practical use.

JJT> Funny, but I've thought about doing exactly this for my
JJT> firewall. Build a CD on a trusted machine with /bin, /usr,
JJT> /etc. Boot the firewall from CD, and have a local disk for
JJT> /var, or just syslog to another machine. Maybe some sort of
JJT> intrusion detection to reboot the machine if needed.

JJT> Another job for the to-do list...

Actually, there are a number of micro-distributions that do just that. You might want to look into either Coyote Linux (configure it on your main box, then write a floppy to run on your firewall), Gibraltar (one CD firewall distro) or Smoothwall (this seems to be aimed more at sharing modems).

I've been using Coyote myself and think very highly of it. It fits a Debian-based firewall on a single floppy (compressed), and then you can write-protect the medium, for the security advantages that Bill points out in his email.

R