Specifications
Using proxies and not forwarding IP packets are not enough to prevent un-
desired Internet IP packets from reaching the intranet or vice versa. This
firewall functionality is adopted by the kernel packet filter configured by
iptables(8). This is where the Live CD comes into play. The operating sys-
tem and all the applications are located on a CD — on a read-only file sys-
tem. A RAM disk, where the Live CD is mounted, is generated when boot-
ing. The original system can simply be restored by rebooting the machine.
Updating the SuSE Firewall on CD is also very simple because of this: just
replace the old Live CD with the new Live CD and restart your firewall host.
Configuring the system and the services is done by a disk on which all the
necessary configuration files are saved. This disk is mounted read-only when
booting. For extra security, the disk should also be write-protected. The data
on the configuration disk is copied to the RAM disk and the disk itself re-
moved from the file system.
Hardware Requirements
The SuSE Live CD for Firewall can run on any i586 or better x86 ma-
chine. At least a Pentium II is recommended.
A minimum of 128 MB RAM is recommended. The firewall can still
function with 64 MB, but proxies should not be used without more.
A 3.5-inch floppy disk drive is needed for the configuration disk.
The system must have a bootable CD-ROM drive.
At least two network interfaces or an ISDN card and at least one net-
work card are also needed.
More precise system requirements are documented in detail in System
Requirements on page 6
This chapter does not provide any instructions for configuring firewall ser-
vices. Instead, it offers technical documentation for the well-versed adminis-
trator willing to grapple with the internal aspects of the system. Details relat-
ing to the configuration files of the services provided on the Live CD are also
described. For configuration purposes, the Firewall Administration System
(FAS) on the Adminhost should be used.
114 Hardware Requirements