Re: why must linux for halted firewall?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Daniel Chemko wrote:

 

The ideal of a halted firewall is that the only possible exploit that could compromise a box is the kernel and the network core itself, and not depend on having userspace programs to cause possible security concerns.
 
As for the concern that you can’t log, I believe you can send syslogs to another machine from the kernel, no?
 
I personally don’t really care for halted firewalls myself. I constantly tweak the firewall to my environment (basically daily) so a halted firewall wouldn’t make any sense to me. If you have an ultra static firewall configuration and physical access to the machine, I can see that there can be benefit of having it, but you would also need a read-only storage medium since if the kernel is compromised, they could still dump garbage to physical disks.
 
 
I figured it had to be something like that. I can see where it would be useful it certain cases, but the inability to change rules dynamically is cuts both ways. Kinda like fighting with one hand tied behind your back . . . but holding a .357 in the other hand.
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux