-----BEGIN PGP SIGNED MESSAGE-----
With the 2.0 series kernels (you should _really_ be using 2.0.36 for
security, 2.0.37 is due out in the near future) all you need to do is let
the system boot, have your setup scripts run the ipfwadm commands to setup
the filtering/masquerading rules and then run shutdown -h now. your system
shuts down but the kernel is still running. I have done this with
Slackware, with other distributions you will need to double check the
shutdown scripts to make sure they do not disable int interfaces. The easy
way to tell this is to start a ping on another machine, shutdown a test
machine and if the ping continues you should be set. I know that Redhat
specificly disables packet forwarding during shutdown and so I suspect
that it shuts down the interfaces as well.
David Lang
On Thu, 11 Mar 1999, Allen Jantzen wrote:
> Date: Thu, 11 Mar 1999 16:40:42 -0500
> From: Allen Jantzen <[EMAIL PROTECTED]>
> To: David Lang <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: Linux Firewall solutions
>
> David Lang wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > I have several firewalls in use running on Linux for the following
> > reasons
> > (in no particular order)
>
> ...snip...
>
> > 4. with the 2.0 kernel series if you don't need proxys you can setup a
> > firewall that configures itself and then halts the system. The kernel
> > will
> > continue to run and move your packets, but there is no userspace
> > running
> > for someone to crack into, with the 2.2. kernels that is not possible
> > now,
> > but people are working to re-enable it (the 2.2 kernel decides that if
> > init dies the system needs to reboot and does so immediatly)
>
> This is very interesting. I have not heard of it. How do you enable
> it?
>
> allen
>
"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy."
- -Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBNuhF0j7msCGEppcbAQEaygf9FrSVHX2Wg/UeMxUhKaWESz2LR3Y1cXgN
crH6JzjlMjfKBMPqYh5gRlt0LJJJLWb6GN2dgqe7aAPVGuIiWMdtPedFVRL8HHH/
XHglLThJvylyLgaTdIUOiGKZZxH3uhDiawo3xVt+WQ8bcbdofAnsGLPquu2ry56H
muOYmtJ67ptIRdD62JjNQyIqZoKgvR9tXKysmpxR+UX74AmsJs5dw1sISLCREyxZ
nu3tOMpYm3PVWEBvS7Tkpgs/yxuYrs2so3wSzoLKu5aEQ6QkfqOjlVIAhjL3LbI4
tK+Rb4PKpJBPBrTm8t7qz8ANQa/HwR+xVxFUivbDxvC5Kb5v0KDHNA==
=mH7m
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
