Further adventures in Firewall upgrades
Jonathan Hutchins
hutchins at opus1.com
Mon Apr 8 19:29:20 CDT 2002
----- Original Message -----
From: "Lucas Peet" <lpeet at eccod.com>
> Here's an idea:
> Configure your firewall - all your rules setup,etc...
> Now, remove the K**ipchains and K**network scripts from all your rc*
> folders, and halt the machine. The machine will be halted - 0 process
> space, 0 user space, and NO processes are running except the kernel, the
> network, and your firewall, filtering packets like a good firewall should.
I've heard of running a firewall in a "halted" stat, but haven't tried it so
far. I'm not sure what it means to "halt the machine". shutdown -h now?
telinit 0?
Don't you loose logging if you do that?
Thinking on this, with a live machine you can run timed scripts to do things
like allow connections from The Office, but only between 8:00 and 5:00
'cause otherwise the office is closed.
More information about the Kclug
mailing list