Routers vs. PC's for routing - was list problems?
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Fri May 24 04:52:14 UTC 2002
On Thu, 23 May 2002 18:01:03 EDT, "Steven J. Sobol" said:
> The box I want to build is passing packets between the rest of my network
> (and the public Internet) and one server that will hold sensitive data.
> It'll be a Linux box with the TCP/IP stack running in bridged mode, with
> two ethernet adapters installed. The box just needs to boot up and run. It
> doesn't need to log anything.
I've heard tell that a good way to secure a Linux box that's doing this is
to have it boot, set up the interfaces, set up iptables, and then do
a quick /sbin/halt - if you fail to 'ifconfig down' the interfaces on the
way down, the kernel will happily forward the packets while being immune to
exploits (since there's no processes running anymore). I haven't tried it,
so I dont know if it works. Maybe there ARE cases where setting the default
runlevel to 0 or 6 make sense. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20020524/383cbda3/attachment.sig>
More information about the NANOG
mailing list