Slashdot Mirror


Run Your Firewall Halted for Extra Security

n8willis writes: "There's a great article over at the SysAdmin magazine site that presents a unique approach to improving network security: run your firewall in a halted state. This means runlevel 0; no processes running and no disks mounted, but with packet filtering still on. The author heard a rumor of this capability in the 2.0 series kernels, and he's managed to get it working in 2.2 as well."

9 of 390 comments

  1. Works for me... by Rorschach1 · · Score: 4, Funny

    Though I usually just use the power switch. Can't beat a powered-off firewall for security.

    1. Re:Works for me... by Jonny+Ringo · · Score: 2, Funny

      I actually just light mine on fire. It just makes sense, then once the fire catches to the cords I know I'm secure.

  2. better still.. by Hooya · · Score: 2, Funny

    is the system i have at home. i look at each incoming packet on paper and then pass it on to the lan if it looks legit. the only way to punch a hole in the firewall is with a shotgun at my belly..

  3. Old news by pHalec · · Score: 2, Funny

    Bah, I've got an old Pentium with some faulty memory that crashes on a regular basis.

    It's been reliably packet-forwarding for me for over a month with a kernel-oops on screen.

  4. Re:Logging? - syslog by JimR · · Score: 2, Funny

    As other people have pointed out there will be no
    syslog running in runlevel 0.

    I guess you could always run the video out into
    a VCR... or use a serial console and a line printer.

    --
    #exclude <ms/windows.h>
  5. But... by Klowner · · Score: 3, Funny

    Then how would I telnet to my firewall from school?

    *dodges flying shoes*

    ;)

    Klowner

  6. I'm more secure by Anonymous Coward · · Score: 2, Funny

    Cool! I just halted my BlackIce service. If I hadn't read this article, I would never have known that doing that would make me more secure.

    Thanks Slashdot :) You rock. I don't have to worry about my hard drive shares being exposed now...

  7. Re:Logging? by Foxman98 · · Score: 3, Funny

    would be fairly easy...

    see we have this thing these days....

    it's called "fire"

    i have portable "fire creation device".

    commonly called a "lighter"

    ;-p

    --
    S.t.e.v.e.
  8. Can't use it, either. by mfh · · Score: 2, Funny

    Just testing my user id #56 really. :)

    --
    The dangers of knowledge trigger emotional distress in human beings.