Devil Linux - the firewall
Devil-Linux is a distribution which boots and runs completely from CDROM or USB flash drive. The configuration can be saved to a floppy diskette or a USB pen drive. Devil Linux was originally intended to be a dedicated firewall/router but now Devil-Linux can also be used as a dedicated server for many applications. Attaching an optional hard drive is easy, and many network services are included in the distribution.
Because boot/OS and (optionally) configuration [in a tarball] are stored on read-only media, Devil-Linux offers high security with easy and safe upgrades, the system being fully configurable with no writeable system device. If hard drive(s) are added for data storage, LVM is standard (easing expansion and backup) and software Raid is straightforward. Virtual machine use is also well supported, with VMware modules built-in.
What makes Devil Linux the best Firewall on the market
Devil-Linux is not like any other distribution. It is created from IT Administators for IT Administrators. We know what you need, because we need it too!
Boots from CD
Traditionally Devil Linux boots from a CD-ROM which is read-only by nature. This means an intruder will not be able to install i.e. an "ordinary" root kit.
Boots from USB pendrive
As all movable parts in your computer, the CD-ROM is prone to failure. This is the reason why we provide a script to install the entire system on an USB pendrive. Note: You need a computer which is able to boot from USB harddisks, in order to use this feature.
Configuration is saved on a floppy disc or on a USB Flash Media
Due to the read-only nature of CD-ROMs, you need a place to save your configuration files. This can either traditionally be on a floppy disc or on a USB flash media (like a pendrive), to increase the reliability.
Configuration can be burned on CD
There are cases when you have to ensure that the configuration can't be modified. This is the reason why we provide the feature for loading the configuration archive from the (read-only) CD-ROM.
No need for a harddisk although it can optionally be used for data storage
Most distributions need a harddisk for data storage, with DL this is completely optional. Reasons for adding harddisk data storage would be, i.e. when you use DL as your email hosting server or for file sharing. DL uses dynamic disc configuration via the Logical Volume Manager, which makes adding and maintaining the harddisk storage easy (regardless if you have only 1 GB or 1 TB of data).
Support for Intel 486 and higher
Got some old boxes in your bone yard? For most internet connection an old computer is enough to play the role of your Firewall, this is the reason why we still support 486 CPUs. But we're not stuck with old technologies, we also provide you a version vor 686 CPUs with SMP support.
IPTables/Netfilter Support
State of-the-art firewall functionality is provided by IPTables/Netfilter, which includes features like connection tracking. Devil-Linux adds many more Netfilter modules then you find in your standard Linux Kernel.
Create your own, customized version with our Build System
Since everybody has different requirements, Devil-Linux provides you with an easy-to-use build system, which enables you to create your own customized version. You can i.e. only add the packages you need on your machine or even add features which are currently missing in the mainstream version.
Directly supported by Firewall Builder
Don't like writing your Firewall rules by hand? Get Firewall Builder and use a great GUI tool to create your ruleset. Firewall Builder supports writing the rules directly onto your configuration floppy.
No graphical desktop
Devil-Linux has not support for i.e. X-Server. This greatly reduces the requirements to run DL and also greatly increases security by reducing the number of running programs. (Try this on Windows...)
Almost all binaries are compiled with the GCC Stack Smashing Protector
Except of a very few exceptions, all binaries are compiled with the GCC Stack Smashing Protector. Applications written in C will be protected by the method that automatically inserts protection code into an application at compilation time. The protection is realized by buffer overflow detection and the variable reordering feature to avoid the corruption of pointers.
Improved Kernel Security through GRSecurity
GRSecurity adds several new features and protection mechanisms to the Linux Kernel itself. This includes Chroot restrictions (did you know that it is easy to break out of a non-protected chroot jail?), Address space modification protection (like PAX), Auditing features, Randomization features and much more.
Easy to use chroot
Devil-Linux has support for chroot jails which is easy to use. Just define what you need in a configuration file and our jail script will take care of the rest. Some pre-defined configurations are already available.
Applications for Devil-Linux
The traditional application for Devil-Linux is to use it as Router/Firewall. Below you see a list of other possible applications:
Proxy Server
DNS Server
Mail Server with TLS support and Spam and Virus filtering
HTTP Server
FTP Server
File Server
VPNs with X.509 support
DHCP Server
NTP Server
IDS Node
Because boot/OS and (optionally) configuration [in a tarball] are stored on read-only media, Devil-Linux offers high security with easy and safe upgrades, the system being fully configurable with no writeable system device. If hard drive(s) are added for data storage, LVM is standard (easing expansion and backup) and software Raid is straightforward. Virtual machine use is also well supported, with VMware modules built-in.
Devil-Linux is not like any other distribution. It is created from IT Administators for IT Administrators. We know what you need, because we need it too!
Boots from CD
Traditionally Devil Linux boots from a CD-ROM which is read-only by nature. This means an intruder will not be able to install i.e. an "ordinary" root kit.
Boots from USB pendrive
As all movable parts in your computer, the CD-ROM is prone to failure. This is the reason why we provide a script to install the entire system on an USB pendrive. Note: You need a computer which is able to boot from USB harddisks, in order to use this feature.
Configuration is saved on a floppy disc or on a USB Flash Media
Due to the read-only nature of CD-ROMs, you need a place to save your configuration files. This can either traditionally be on a floppy disc or on a USB flash media (like a pendrive), to increase the reliability.
Configuration can be burned on CD
There are cases when you have to ensure that the configuration can't be modified. This is the reason why we provide the feature for loading the configuration archive from the (read-only) CD-ROM.
No need for a harddisk although it can optionally be used for data storage
Most distributions need a harddisk for data storage, with DL this is completely optional. Reasons for adding harddisk data storage would be, i.e. when you use DL as your email hosting server or for file sharing. DL uses dynamic disc configuration via the Logical Volume Manager, which makes adding and maintaining the harddisk storage easy (regardless if you have only 1 GB or 1 TB of data).
Support for Intel 486 and higher
Got some old boxes in your bone yard? For most internet connection an old computer is enough to play the role of your Firewall, this is the reason why we still support 486 CPUs. But we're not stuck with old technologies, we also provide you a version vor 686 CPUs with SMP support.
IPTables/Netfilter Support
State of-the-art firewall functionality is provided by IPTables/Netfilter, which includes features like connection tracking. Devil-Linux adds many more Netfilter modules then you find in your standard Linux Kernel.
Create your own, customized version with our Build System
Since everybody has different requirements, Devil-Linux provides you with an easy-to-use build system, which enables you to create your own customized version. You can i.e. only add the packages you need on your machine or even add features which are currently missing in the mainstream version.
Directly supported by Firewall Builder
Don't like writing your Firewall rules by hand? Get Firewall Builder and use a great GUI tool to create your ruleset. Firewall Builder supports writing the rules directly onto your configuration floppy.
No graphical desktop
Devil-Linux has not support for i.e. X-Server. This greatly reduces the requirements to run DL and also greatly increases security by reducing the number of running programs. (Try this on Windows...)
Almost all binaries are compiled with the GCC Stack Smashing Protector
Except of a very few exceptions, all binaries are compiled with the GCC Stack Smashing Protector. Applications written in C will be protected by the method that automatically inserts protection code into an application at compilation time. The protection is realized by buffer overflow detection and the variable reordering feature to avoid the corruption of pointers.
Improved Kernel Security through GRSecurity
GRSecurity adds several new features and protection mechanisms to the Linux Kernel itself. This includes Chroot restrictions (did you know that it is easy to break out of a non-protected chroot jail?), Address space modification protection (like PAX), Auditing features, Randomization features and much more.
Easy to use chroot
Devil-Linux has support for chroot jails which is easy to use. Just define what you need in a configuration file and our jail script will take care of the rest. Some pre-defined configurations are already available.
Applications for Devil-Linux
The traditional application for Devil-Linux is to use it as Router/Firewall. Below you see a list of other possible applications:
Proxy Server
DNS Server
Mail Server with TLS support and Spam and Virus filtering
HTTP Server
FTP Server
File Server
VPNs with X.509 support
DHCP Server
NTP Server
IDS Node
Thu 10th May,2012 - Devil-Linux 1.6.1 released
Download other versions -
Visit website -
Documentation -
Screenshots-