- Home
- Projects
- Publications
- Academic
- Research Notes
- Open Source
- Miscellaneous
- SSD Linux benchmarks
- Git cheat sheet
- Home directory version control
- Austrian "Buergerkarte" under Linux
- Debian on a Thinkpad T42p
- (K)Ubuntu on a Dell Latitude XT
- Debian on a Gericom Phantom
- Encrypted home directories
- Automounting with hotplug
- Aladdin eToken under Linux
- Encrypted container under Linux and Windows
- SpeedTouch 330 ADSL USB modem with kernel 2.4
- Combining an open WLAN hotspot with private IPsec
- How to make a USB stick bootable
- Encrypted suspend-to-disk with Debian
- Import old emails into a Cyrus spool
- IPsec/L2TP gateway for Android and iPhone
- Nokia N900 synchronization with Egroupware
- Suspend and wakeup under Linux
- Android applications
- Debian Root CAs for KDE4
Gibraltar firewall project
Project goal
 |
Gibraltar firewall aims to produce a software firewall package that runs directly off CD-ROM or other read-only media. This offers two distinct advantages over installation on hard disks or generally read-write media:
Additional goals are to make the whole system as secure as possible during run-time, to provide advanced routing, filtering, and packet mangling capabilities, and to make it easy to configure. |
Current status
| Gibraltar is now a commercial product with its own web page.
The main project goals have been fulfilled with my first release (version 0.90pre1) in 2000. Since then, a growing community of individuals, companies, and organizations using Gibraltar as a tool for their network security has contributed to many of its improvements by providing general feed-back, requests and bug reports. I want to thank all people who have contributed to the mailing list, because they helped to shape Gibraltar. Although the major goals have remained the same, the additional aims have changed over the years. The first versions provided only a shell to configure the firewall, and concentrated on basic routing and packet filtering. A web administration interface was initially developed as a student project at the Johannes Kepler University Linz under my supervision and is now maintained by Esys GmbH. Over the years, additional functionality has been added, e.g. VPNs, traffic shaping, proxy server, anti-virus filtering, a complete anti-spam gateway, etc. For details, please refer to the changelog. I still act as the project manager and lead developer for the base system. My collegues from Esys GmbH maintain and improve the web interface, manage customer relationship, and provide commercial support. |
 |
Implementation
Gibraltar builds upon Debian GNU/Linux and basically provides a Debian system running off CD-ROM (or other read-only media). The necessary program logic for booting from and dealing with a read-only root file system is provided by my package mkinitrd-cd under the terms of the GNU GPL.
Until 2005, Gibraltar focused on booting off CD-ROM or write-protected USB thumb drives. Since release 2.3, we also support Gibraltar on selected hardware appliances to make it easier for users to select appropriate hardware.
History
Name
I chose the name "Gibraltar" with deliberation, because the geographical Gibraltar marks the entry to the Mediterranean. Ships coming from or going to the "outside", i.e. the Atlantic Ocean need to pass Gibraltar, and that's exactly how a network firewall works. Every packet coming from or going to the Internet must go through it.
Logo
 |
The logo also signifies this passage - the firewall as the gate to the internal network. |
Historical development
This section will be dedicated to the historical development of Gibraltar firewall (as soon as I get around to writing something down). For a glimpse about its presumptuous content still to come, Gibraltar was indeed one of the earlier live CDs around that did not use the at-that-time-common symlink farm trick and it is probably still one of the very few ones that actually switch the kernel's root file system to a read only media for better security. And yes, it has been there before Knoppix (first beta release at LinuxTag in June 2001) and SuSE Firewall on CD (first version also at LinuxTag in June 2001 - see here for the first mention of it that I could find, since their web page has been removed, second and last in 2002).
(I mentioned that it was presumptuous, but hey, this has been my pet project for quite some years now....)
If you want to have a hearty laugh, you can also look at the initial web pages of the Gibraltar project which I hacked together in 2000. After all, this section serves historical purposes.