Gibraltar firewall

Project goal

Gibraltar firewall aims to produce a software firewall package that runs directly off CD-ROM or other read-only media. This offers two distinct advantages over installation on hard disks or generally read-write media:

  • Security: Files on the boot medium can not be changed without physical access to the computer system. Even in the case of a successful attack, a reboot will return the system to a known secure state.
  • Ease of use: No installation is necessary, because hardware components are detected automatically on bootup. When one machine fails, the same read-only boot media and configuration can be used with another machine, without requiring re-installation.

Additional goals are to make the whole system as secure as possible during run-time, to provide advanced routing, filtering, and packet mangling capabilities, and to make it easy to configure.

Status

Gibraltar was a commercial product with its own web page from 2001 to 2013, that is, it was commercialized for 12 successful years. It is currently no longer active.

(Some) History

The main project goals from a research point of view have been fulfilled with my first release (version 0.90pre1) in 2000. Since then, a growing community of individuals, companies, and organizations using Gibraltar as a tool for their network security has contributed to many of its improvements by providing general feed-back, requests and bug reports. I want to thank all people who have contributed to the mailing list, because they helped to shape Gibraltar.

Although the major goals have remained the same, the additional aims have changed over the years. The first versions provided only a shell to configure the firewall, and concentrated on basic routing and packet filtering. A web administration interface was initially developed as a student project at the Johannes Kepler University Linz under my supervision and was then maintained by eSys GmbH. Over the years, additional functionality has been added, e.g. VPNs, traffic shaping, proxy server, anti-virus filtering, a complete anti-spam gateway, etc. For details, please refer to the changelog.

I acted as the project manager and lead developer for the base system. My colleagues from eSys maintained and improved the web interface, managed customer relationship, and provided commercial support.

Implementation

Gibraltar builds upon Debian GNU/Linux and basically provides a Debian system running off CD-ROM (or other read-only media). The necessary program logic for booting from and dealing with a read-only root file system is provided by my package mkinitrd-cd under the terms of the GNU GPL.

Until 2005, Gibraltar focused on booting off CD-ROM or write-protected USB thumb drives. Since release 2.3, we also support Gibraltar on selected hardware appliances to make it easier for users to select appropriate hardware.

Gibraltar small hardware appliance

Name

I chose the name “Gibraltar” with deliberation, because the geographical Gibraltar marks the entry to the Mediterranean. Ships coming from or going to the “outside”, i.e. the Atlantic Ocean need to pass Gibraltar, and that’s exactly how a network firewall works. Every packet coming from or going to the Internet must go through it.

The logo also signifies this passage - the firewall as the gate to the internal network.

Gibraltar logo

Historical development

This section will be dedicated to the historical development of Gibraltar firewall (as soon as I get around to writing something down). For a glimpse about its presumptuous content still to come, Gibraltar was indeed one of the earlier live CDs around that did not use the at-that-time-common symlink farm trick and it is probably still one of the very few ones that actually switch the kernel’s root file system to a read only media for better security. And yes, it has been there before Knoppix (first beta release at LinuxTag in June 2001) and SuSE Firewall on CD (first version also at LinuxTag in June 2001 - see here for the first mention of it that I could find, since their web page has been removed, second and last in 2002). (I mentioned that it was presumptuous, but hey, this has been my pet project for quite some years now….)

If you want to have a hearty laugh, you can also look at the initial web pages of the Gibraltar project which I hacked together in 2000. After all, this section serves historical purposes.

René Mayrhofer
René Mayrhofer
Professor of Networks and Security & Director of Engineering at Android Platform Security; pacifist, privacy fan, recovering hypocrite; generally here to question and learn