Hi jrsjrs,
This sounds quite practical, but one thing I might suggest is that the preferred way to make a (dedicated, hardware) firewall is to have a box with two NICs so that one NIC faces the outside world and one faces the LAN where your equipment is. For this, a laptop might not be the best choice as it is often more difficult and more expensive to put in a second NIC. I know that sometimes a single-NIC firewall can be used, but it's a lot harder to guarantee that no traffic can slip past if it is just another box hanging on your ethernet segment. You really want two separate segments. You may have an old laptop already and that may be why you are thinking of the laptop, but if you have an obsolete desktop-type system with room for some expansion cards, life will be a lot easier. You don't need much hardware for this. Even an old (very old) 486 system would probably work fine. Remember that 90% of the resources used by most desktop or laptop systems these days are probably used by the graphical user interface. If you skip that, there's more than plenty to run a firewall.
You can probably use just about any flavor of Linux for this project, but I don't see any good reason to go for one of the more full-featured distros. A lighter-weight distro is probably better here. Something like Damn Small Linux or even Knoppix would probably be fine.
I've mainly just used iptables, but a quick google shows a lot of other possibilities too. You might want to take a look at Linux.com's Linux firewall primer. Something like firestarter looks promising. Here's another article. And here's yet another that compares several free firewalls.
HTH,
Paul
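
An added example, not part of Paul's post: a shell function that prints an iptables-restore ruleset for the two-NIC layout described above, with forwarding denied by default so that only LAN-initiated traffic crosses between the segments. The interface names, the LAN subnet and the SSH-from-LAN admin rule are assumptions.

```shell
#!/bin/sh
# Added example. Prints an iptables-restore ruleset for a two-NIC firewall.
# Check it as root:  gen_ruleset eth0 eth1 192.168.1.0/24 | iptables-restore --test
# Routing between the NICs also needs: sysctl -w net.ipv4.ip_forward=1
gen_ruleset() {
    wan="$1"      # NIC facing the outside world, e.g. eth0 (assumed name)
    lan="$2"      # NIC facing the LAN, e.g. eth1 (assumed name)
    lan_net="$3"  # LAN subnet, e.g. 192.168.1.0/24 (assumed value)
    # The design depends on two separate segments: refuse a single-NIC setup.
    if [ -z "$wan" ] || [ -z "$lan" ] || [ -z "$lan_net" ] || [ "$wan" = "$lan" ]; then
        echo "usage: gen_ruleset WAN_IF LAN_IF LAN_CIDR (two different NICs)" >&2
        return 1
    fi
    cat <<EOF
*filter
# Default deny: anything not explicitly allowed below is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Anti-spoofing: LAN source addresses must never arrive on the outside NIC.
-A INPUT -i $wan -s $lan_net -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumption: the box is administered over SSH from the LAN side only.
-A INPUT -i $lan -s $lan_net -p tcp --dport 22 -j ACCEPT
-A FORWARD -i $wan -s $lan_net -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Replies to connections the LAN opened may come back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections may only start on the LAN and leave via the outside NIC.
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
COMMIT
EOF
}

# Stand-alone use: sh firewall.sh WAN_IF LAN_IF LAN_CIDR
if [ "$#" -eq 3 ]; then gen_ruleset "$@"; fi
```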