The ideal of a halted firewall is that the only possible exploit that could compromise a box is the kernel and the network core itself, and not depend on having userspace programs to cause possible security concerns.
As for the concern that you can’t log, I believe you can send syslogs to another machine from the kernel, no?
I personally don’t really care for halted firewalls myself. I constantly tweak the firewall to my environment (basically daily) so a halted firewall wouldn’t make any sense to me. If you have an ultra static firewall configuration and physical access to the machine, I can see that there can be benefit of having it, but you would also need a read-only storage medium since if the kernel is compromised, they could still dump garbage to physical disks.
>What
would be the benefit in configuring a system like this? It seems to run
contrary to the evolution of IT appliances where you can configure and manage >everything usually
without restarting (firewalls, switches, print servers, even ups units). I
don't get it ;-)
�