Should be straightforward, although I admit I've not done it with CF disks
(but the principle remains the same). We set up two firewalls for a
customer which were reasonably complex (ten Ethernet interfaces, four
OpenVPN [tunX] interfaces), and the whole thing was configured as a
highly-available cluster that would failover if the live firewall died.
Software used:
- Debian Lenny as base OS
- DRBD to synchronise some applications (eg, DNS)
- Heartbeat to monitor the servers
- drdblinks to manage Heartbeat/DRBD
- Shorewall to manage the iptables
Happy to give more details (on or off list) or to answer questions.
Keith
-- 
Keith Edmunds
+-------------------------------------------------------------------------+
|    Tiger Computing Ltd    |  Helping businesses make the most of Linux  |
|  "The Linux Specialists"  |       http://www.tiger-computing.co.uk      |
+-------------------------------------------------------------------------+