[wellylug] mini ITX systems
Ewen McNeill
ewen at naos.co.nz
Sun Jul 6 19:39:44 NZST 2003

In message <20030706065158.47732.qmail at web12204.mail.yahoo.com>, Wood Brent writes:
>I have had a discussion about running one as a W98 box for his kids, booting
>off a Linux server, which seemed quite feasible (given LAN boot device support
>in BIOS) but the loss of his job kicked that one, so I haven't tried. It raises
>interesting possibilities about diskless firewalls, etc...

FWIW, diskless firewalls are usually better done booting off flash disks
(either dedicated ones, or compact flash through a CF <-> IDE adapter,
or even the USB flash keyring things if the motherboard supports booting
off USB -- there was a link off the Debian Weekly News at one point
describing how to do this).

Booting a firewall off an external source is (a) asking for catch-22
situations (need the firewall up so something plays nicely so that you
can boot the firewall), and (b) adding the possibility of hacking the
boot process through ARP cache poisoning and the like.

Citylink deploys a lot of flash-booting routers/firewalls as I
understand it. Although last time I saw him Simon Blake was looking
Rather Sad (tm) because none of the new compact flash he could buy was
being recognised by the particular unit they were most commonly using as
their low end router/firewall.

Ewen

PS: I have nothing against network booting devices. I used a network
booted Linux system as my main workstation for a couple of years
(because it was completely silent). But I wouldn't do it for a
firewall, at least not over any media which is attackable.