Journal: Firewall Appliance pt 4
I put this project down for a long time to work on other stuff (nothing of interest to the slashdot crowd; you'd have to go to the forum site for people who clean out their rain gutters and remove old asbestos from their houses).
When I returned, I used the PXE boot / install method to install Debian Woody 3.0 on the compact flash. This is a vast improvement. I think that the Debian installation and package tools make it much easier to install a minimal system, and the file system errors have disappeared. I think my problem was similar to a Red Hat problem I had on another machine, where the fs was not cleanly unmounted by the distro.
I've been building iptables to make it a real gateway, and will post more info in the next week about this.
Of course, I wanted to try OpenBSD, but they do not support PXE booting, so no love there. I read on Openbrick.com that the way to install OBSD is to get a laptop hard disk, install on a laptop, then transfer the disk to your appliance. What is this, the Dark Ages? Also, pf is not quite up to snuff yet. It works well for some projects at work that just need to keep out everything, but some of the advanced features of iptables are not there yet. I will revisit OpenBSD in a few months and see how it's working; the priv separation and systrace jails make it ideal for security.
No disrespect to the OBSD developers; I just think that embedded devices are where it's at. When a shmoe like me can build a better DVD player than Toshiba with cheap hardware and free software, we may soon see imaginative people from outside the consumer electronics field with some great ideas that Sony would not build. As embedded devices become more common, it would be good to see security up front (instead of as a clumsily executed afterthought like the rest of the computer industry). Feel free to call me an ungrateful bastard; I am just trying to sum up why the software won't work for me at this point.
So, Linux it is for now. I am looking into security for the device with systrace, or some other sort of process jail to keep the device from being compromised.
Finally, I just got my rebate check for the Viking CF card I bought from Amazon. Final cost: 512MB for $149. The price is lower now; see here.