Run your firewall in halted mode for better security
Now this ought to be secure enough to meet even the most stringent checklist! I had noticed that my 2.0-based machine still responds to ping after it's shut down but never considered the possibilities of something like this.
"My first response was to stifle a laugh -- a firewall that works while in a halted state? I contacted the author (with a bit too much sarcasm in my letter), and was sent a link to an old discussion thread on the Firewalls list about a rumored feature in the 2.0.x kernels. This feature allowed you to run shutdown -h (halt) on the machine, and the firewall would remain active but with no drives mounted and no processes running. That is, the firewall would be in run level 0, but still be filtering packets. However, the list mentioned that this no longer worked in the 2.2.x series kernels."
"I knew that I couldn't leave it alone, however. I set out to make a 2.2.x box perform a similar function, and I hoped that I would be able to do it without having to patch the kernel in any way. It turns out that I can."
-Ray, February 8, 2002