Sentry Firewall - Overview

Sentry Firewall starts from CD-ROM and immediately constructs a RAM disk in the computer's memory. Before the system fully boots, a script searches for removable media containing a file called "sentry.conf". If that file is found, it may contain detailed instructions and a list of files to be copied from the removable media to the RAM disk before the system is finally allowed to boot.

The CD-ROM is pre-loaded with a variety of configurable network tools, including iptables.

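Because the RAM disk is created anew each time the machine boots, it is possible to recover from any sort of problem simply by rebooting the machine. From a security perspective, this is compelling because the machine essentially becomes immune to viruses or file corruption, or at least the effects of either problem can't survive a reboot. The exception is whatever is loaded from the removable media: "sentry.conf" and the files it lists are copied to the RAM disk again at every boot, so changes made to that media do persist.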