Routers vs. PC's for routing - was list problems?

Valdis.Kletnieks at vt.edu
Fri May 24 04:52:14 UTC 2002


On Thu, 23 May 2002 18:01:03 EDT, "Steven J. Sobol" said:

> The box I want to build is passing packets between the rest of my network 
> (and the public Internet) and one server that will hold sensitive data.
> It'll be a Linux box with the TCP/IP stack running in bridged mode, with
> two ethernet adapters installed. The box just needs to boot up and run. It
> doesn't need to log anything.

I've heard tell that a good way to secure a Linux box that's doing this is
to have it boot, set up the interfaces, set up iptables, and then do
a quick /sbin/halt - if you fail to 'ifconfig down' the interfaces on the
way down, the kernel will happily forward the packets while being immune to
exploits (since there's no processes running anymore).  I haven't tried it,
so I don't know if it works.  Maybe there ARE cases where setting the default
runlevel to 0 or 6 makes sense. ;)
