October 31, 2003

Devil-Linux 1.0: The (hell)firewall

Author: Robin 'Roblimo' Miller

Today, Halloween, marks the debut of Devil-Linux 1.0, a runs-from-CD (or USB flash device) firewall/router distribution designed to give you a large amount of security in return for very little setup work. The Halloween release date and the 'Devil-Linux' name itself were chosen for humor value, not for religious reasons. The Devil-Linux developers tend to be light-hearted, but don't let their conversational silliness fool you: This is serious software with a serious purpose.Obviously, an operating system that runs from a CD can't be altered by someone who tries to take control of the computer it's on from a remote location. This is a better anti-hacker defense than any obscure password or software-based protection scheme ever developed.

One of the biggest improvements in the new 1.0 version is a curses-based setup utility that brings GUI-like administration capability to what is otherwise a command line-based, stripped-down distribution. This utility basically does everything necessary to configure Devil-Linux to the level of a "hardware broadband firewall/router," plus a little extra: You can set up two or three network cards; you can configure a standard firewall script with IP-Masquerading/NAT; and you can configure a DHCP server for your internal network.

This addition is primarily the work of Bruce Smith, who has also taken on the task of publicizing Devil-Linux, which has been a low-profile, low-key project until now, with six current developers listed at SourceForge, and fewer than 200 subscribers on its general discussion e-mail list.

In an instant messenger conversation yesterday, Bruce said, "I don't think the membership on the list means much, since I personally use a lot of software that I'm not a member of their mailing lists."

Bruce joined the project in May. It was started in mid-2002 by Heiko Zuerker, who Bruce told us "is still project leader and developer."

Not a desktop distribution

X-window is not part of Devil-Linux. The only way you can browse the Web through it is with Lynx or another text-based browser. But the lack of an X-based graphical desktop is what makes it able to run at a decent speed directly from a CD.

However, Devil-Linux 1.0 can be used as a server. This is functionality in the 1.0 release that was not previously available, but server use requires caution. Bruce says, "I know some people who run services on their firewall because of lack of funds for more PCs, but we don't recommend that because that lessens security."

Another option is to create a virtual server with VMware or a similar utility. Bruce says, "Devil-Linux runs great in VMware. All of the developers use VMware for testing. It saves a LOT of time. You don't even have to burn a CD, just point VMware's CD to the ISO image, and point the floppy to another image (to save the config).

"I don't know of anyone who runs Devil-Linux as a production firewall in VMware, but I don't know why it wouldn't work fine."

No strong reactions from the religious. Yet.

During our online chat, I asked Bruce if any humor-impaired Christians -- the kind of people who took Jesux seriously -- have complained about the Devil-Linux name. "I haven't heard any personally, he said. "I don't doubt it's happened, probably before my time, but I've never asked. If you look at the Web site, there is a paragraph about the name having absolutely nothing to do with the devil, etc. on the introduction page. I don't know if Heiko put that there because of complaints, or to head off complaints that haven't happened yet. I never asked."

Can you "review" software you help develop?

Bruce tried, sort of, on the Kalamazoo Linux Users Group Web site. Believe it or not, he did a reasonably even-handed job. And at the end of the article he admitted that he worked with the Devil-Linux project:

If you've read this far without falling asleep, I need to come clean with you on my current involvement with the Devil Linux distribution.

After using (and liking) Devil-Linux 0.5 for a long time, I wanted some software added to the next release, plus I had ideas for improvements in the area of installation and configuration. This motivated me to put my time where my mouth was, so in early 2003 I started writing and contributing code to the developers. In May 2003, I officially joined the Devil-Linux core development team, and I've been working on the soon-to-be released version 1.0 (and 1.1) ever since.

When I wrote this article from the perspective of an independent reviewer, I was not trying to mislead anyone. I was merely trying to tell my story and experiences in my own way. I tried to be as fair as possible, showing the strong points of Devil-Linux, along with the areas that still need improvement.

If you need a simple, highly secure, easily-configured firewall/router or simple server that can run on an old/cheap machine (even one of those sub-$25 early Pentium boxes you see at flea markets and garage sales), Devil-Linux seems like it ought to be a (can't ... resist ... pun...) hellishly good choice.

And Bruce's article on the KLUG site is a pretty good place to start learning what you can expect Devil-Linux to do (and not do), and it also gives basic setup instructions to help you make sure the only devil on your network is a friendly one you put there on purpose to protect yourself from evil devils that want to sneak into your network and torment you -- not just on Halloween but 365 days a year.


  • Security
Click Here!