
Re: Building Debian firewall



On Tue, 29 May 2001, Robert Davies wrote:

> I would suggest working on a CD-ROMable distribution, and to forget
> the idea of modes on the production system.

Yes,

>  An update of unstable programs could be done, by having 2 'patch'
> partitions, which are installed over the network mounted rw. The
> updated one would be remounted ro before use, and then a switch could
> be made by swapping to a new floppy.

Cool.

> syslog supports logging over the network, so use that and log to a
> secure system in a private network

Yes,

> But I believe it could be adapted to your secure web/DNS server idea.
> You'd need to separate out config files which may need to be changed,

Apart from /var, is there any partition that needs to be RW for normal web
server roles, and any config files that need to be written?


> The actual source for things like websites, and master zone files,
> should be managed on a machine in the internal network, and then
> copied in using rsync(1) with an ssh(1) pipe.  Thus any breakins or
> defacements, to the disk areas that have to be rw can be wiped out
> easily.

Nice idea.

raj
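
One way to check on a running host which partitions are actually mounted rw, as asked above. This is an added example, not part of the original thread; the sample mount table, its device names and the /patch and /home mount points are constructed for illustration.

```shell
#!/bin/sh
# List mount points that are mounted read-write but are not on the allowlist.
# Input: a mount table in /proc/mounts format on stdin
#        (device mountpoint fstype options dump pass).
# Args:  mount points that are permitted to be rw (e.g. /var).
unexpected_rw_mounts() {
    allowed=" $* "
    while read -r dev mnt fstype opts _rest; do
        # Kernel and RAM-backed pseudo-filesystems keep nothing across a
        # reboot; skip them.
        case "$fstype" in
            proc|sysfs|devpts|devtmpfs|tmpfs) continue ;;
        esac
        # The options field is comma-separated; match "rw" as a whole option.
        case ",$opts," in
            *,rw,*) ;;
            *) continue ;;
        esac
        # Drop mount points that were explicitly allowed to be writable.
        case "$allowed" in
            *" $mnt "*) continue ;;
        esac
        printf '%s\n' "$mnt"
    done
}

# Constructed sample mount table for a CD-ROM-rooted host (not from the thread).
sample_mounts() {
    cat <<'EOF'
/dev/hdc / iso9660 ro 0 0
proc /proc proc rw 0 0
/dev/hda1 /var ext2 rw,nosuid,nodev 0 0
/dev/hda2 /patch ext2 ro,nodev 0 0
/dev/hda3 /home ext2 rw,nosuid 0 0
EOF
}

# On a live system: unexpected_rw_mounts /var < /proc/mounts
sample_mounts | unexpected_rw_mounts /var
```

Any mount point this prints is writable disk state that a break-in could modify and that a reboot from read-only media would not wipe.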


