Run Your Linux Firewall Halted for Extra Security

Warren Togami warren at togami.com
Fri Feb 8 10:13:48 PST 2002


http://www.samag.com/documents/s=1824/sam0201d/0201d.htm
"There's a great article over at the SysAdmin magazine site that presents a
unique approach to improving network security: run your firewall in a halted
state. This means runlevel 0; no processes running and no disks mounted, but
with packet filtering still on. The author heard a rumor of this capability
in the 2.0 series kernels, and he's managed to get it working in 2.2 as
well."

I once did this by accident with an early 2.2.x kernel when a defective new
IBM Deskstar hard drive crashed on my firewall. It continued to be pingable
and to route packets, though I could no longer log in. Upon plugging in the
monitor I found kernel panic messages and IDE and DMA timeouts.

Anyone know if this still works with 2.4.x iptables?

What are the security implications?  The main drawback of course would be
that changing iptables rules would be a painful process of rebooting and
maybe 30 seconds of downtime (in an optimally configured setup).

There has to be a simple way to hack the kernel to "revive" from runlevel 0
with certain key presses locally?

If so, this would make another powerful method of running production Linux
firewalls.  IMPOSSIBLE to root remotely, and you can change iptables rules
without downtime locally.

I'm thinking custom "Halted Linux Firewall" distribution that fits on a 4MB
flash IDE disk.  (Could also fit on a floppy, but floppies are unreliable
and slow pieces of crap.)  Anyone want to put together such a beast? =)

Warren


