Run Your Linux Firewall Halted for Extra Security

MonMotha monmotha at indy.rr.com
Fri Feb 8 14:16:29 PST 2002


It most certainly does still work, at least when the hard drive fails.
I had an IBM Deskstar (see a trend here? It was 5 years old, I guess)
fail in my NAT box and I didn't even know it was down until I tried to
log in to it and it of course couldn't authenticate, as it couldn't read
the passwd or shadow file.

--MonMotha

Warren Togami wrote:
> http://www.samag.com/documents/s=1824/sam0201d/0201d.htm
> "There's a great article over at the SysAdmin magazine site that presents a
> unique approach to improving network security: run your firewall in a halted
> state. This means runlevel 0; no processes running and no disks mounted, but
> with packet filtering still on. The author heard a rumor of this capability
> in the 2.0 series kernels, and he's managed to get it working in 2.2 as
> well."
> 
> I once did this by accident with an early 2.2.x kernel when a defective new
> IBM Deskstar hard drive crashed on my firewall. It continued to be pingable
> and route packets though I could no longer log in.  Upon plugging in the
> monitor I found kernel panic messages and IDE and DMA timeouts.
> 
> Anyone know if this still works with 2.4.x iptables?
> 
> What are the security implications?  The main drawback of course would be
> that changing iptables rules would be a painful process of rebooting and
> maybe 30 seconds of downtime (in an optimally configured setup).
> 
> There has to be a simple way to hack the kernel to "revive" from runlevel 0
> with certain key presses locally?
> 
> If so, this would make another powerful method of running production Linux
> firewalls.  IMPOSSIBLE to root remotely, and you can change iptables rules
> without downtime locally.
> 
> I'm thinking custom "Halted Linux Firewall" distribution that fits on a 4MB
> flash IDE disk.  (Could also fit on a floppy, but floppies are unreliable
> and slow pieces of crap.)  Anyone want to put together such a beast? =)
> 
> Warren
> 
> 
> 
