nanog mailing list archives

Re: Routers vs. PC's for routing - was list problems?

From: Valdis.Kletnieks () vt edu
Date: Fri, 24 May 2002 00:52:14 -0400

On Thu, 23 May 2002 18:01:03 EDT, "Steven J. Sobol" said:

The box I want to build is passing packets between the rest of my network 
(and the public Internet) and one server that will hold sensitive data.
It'll be a Linux box with the TCP/IP stack running in bridged mode, with
two ethernet adapters installed. The box just needs to boot up and run. It
doesn't need to log anything.


I've heard tell that a good way to secure a Linux box that's doing this is
to have it boot, set up the interfaces, set up iptables, and then do
a quick /sbin/halt - if you fail to 'ifconfig down' the interfaces on the
way down, the kernel will happily forward the packets while being immune to
exploits (since there's no processes running anymore).  I haven't tried it,
so I dont know if it works.  Maybe there ARE cases where setting the default
runlevel to 0 or 6 make sense. ;)

Attachment: _bin
Description:

Current thread:

Re: Routers vs. PC's for routing - was list problems?, (continued)
- - - Re: Routers vs. PC's for routing - was list problems? Scott Francis (May 23)
    - Re: Routers vs. PC's for routing - was list problems? Alex Rubenstein (May 23)
    - Re: Routers vs. PC's for routing - was list problems? Kevin Day (May 23)
    - Re: Routers vs. PC's for routing - was list problems? E.B. Dreger (May 23)
    - Re: Routers vs. PC's for routing - was list problems? Steven J. Sobol (May 23)
    - Re: Routers vs. PC's for routing - was list problems? Dave Israel (May 23)
    - Re: Routers vs. PC's for routing - was list problems? E.B. Dreger (May 23)
    - Re: Routers vs. PC's for routing - was list problems? Dan Hollis (May 23)
    - Re: Routers vs. PC's for routing - was list problems? Steven J. Sobol (May 23)
    - Linux firewalling (Re: Routers vs. PC's for routing - was list problems?) E.B. Dreger (May 23)
    - Re: Routers vs. PC's for routing - was list problems? Valdis . Kletnieks (May 23)
    - Re: Routers vs. PC's for routing - was list problems? E.B. Dreger (May 23)
    - Re: Routers vs. PC's for routing - was list problems? David Ulevitch (May 23)
    - RE: Routers vs. PC's for routing - was list problems? Deepak Jain (May 24)
    - Re: Routers vs. PC's for routing - was list problems? Daryl G. Jurbala (May 23)
    - Re: Routers vs. PC's for routing - was list problems? Neil J. McRae (May 23)
    - Re: Routers vs. PC's for routing - was list problems? Nathan Stratton (May 23)
    - Re: Routers vs. PC's for routing - was list problems? Neil J. McRae (May 23)
    - Re: Routers vs. PC's for routing - was list problems? Nathan Stratton (May 23)
    - Re: Routers vs. PC's for routing - was list problems? Scott Granados (May 23)
    - Re: Routers vs. PC's for routing - was list problems? Anthony D Cennami (May 23)

(Thread continues...)