Hi David,
>With the 2.0 series kernels (you should _really_ be using 2.0.36 for
>security, 2.0.37 is due out in the near future) all you need to do is let
>the system boot, have your setup scripts run the ipfwadm commands to set up
>the filtering/masquerading rules and then run shutdown -h now. Your system
>shuts down but the kernel is still running.
So, how do you shutdown/reboot the machine after it's in this mode with no
userspace to login? Just cycle the power?
>I have done this with
>Slackware, with other distributions you will need to double check the
>shutdown scripts to make sure they do not disable int interfaces. The easy
>way to tell this is to start a ping on another machine, shutdown a test
>machine and if the ping continues you should be set. I know that Redhat
>specifically disables packet forwarding during shutdown and so I suspect
>that it shuts down the interfaces as well.
I only have a Redhat distribution. Could you post the shutdown script from
slackware, please?
Thanks a lot,
Boris.
>
>David Lang
>
>On Thu, 11 Mar 1999, Allen Jantzen wrote:
>
>> Date: Thu, 11 Mar 1999 16:40:42 -0500
>> From: Allen Jantzen <[EMAIL PROTECTED]>
>> To: David Lang <[EMAIL PROTECTED]>
>> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
>> Subject: Re: Linux Firewall solutions
>>
>> David Lang wrote:
>> >
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> >
>> > I have several firewalls in use running on Linux for the following reasons
>> > (in no particular order)
>>
>> ...snip...
>>
>> > 4. with the 2.0 kernel series if you don't need proxies you can set up a
>> > firewall that configures itself and then halts the system. The kernel will
>> > continue to run and move your packets, but there is no userspace running
>> > for someone to crack into, with the 2.2 kernels that is not possible now,
>> > but people are working to re-enable it (the 2.2 kernel decides that if
>> > init dies the system needs to reboot and does so immediately)
>>
>> This is very interesting. I have not heard of it. How do you enable
>> it?
>>
>> allen
>>
>
>"If users are made to understand that the system administrator's job is to
>make computers run, and not to make them happy, they can, in fact, be made
>happy most of the time. If users are allowed to believe that the system
>administrator's job is to make them happy, they can, in fact, never be made
>happy."
>-Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)
>
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
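The two checks described in the quoted message (inspect the shutdown script for steps that take the interfaces down, then confirm that a ping from another machine keeps getting replies after the halt), as an added example that is not part of the thread. The function names, the grep patterns and all sample data are assumptions constructed for illustration; the ping check works on saved ping output rather than a live run.

```shell
# Added example, not from the thread: two offline checks for the
# "configure, then halt" firewall. All sample data below is constructed.

# List lines in a shutdown script that would stop a halted kernel from
# forwarding. The patterns are assumptions about how such steps are usually
# written. Prints "lineno:text" per hit; returns 1 if anything was flagged.
audit_halt_script() {
    if grep -nE 'ifconfig[[:space:]].*[[:space:]]down|ifdown|ip_forward|route[[:space:]]+del' "$1" |
        grep -vE '^[0-9]+:[[:space:]]*#'; then
        return 1
    fi
    return 0
}

# Given saved ping output ($1) and the icmp_seq at which the test box was
# halted ($2), succeed only if at least $3 replies arrive after the halt.
ping_survived_halt() {
    awk -v halt="$2" -v need="${3:-3}" '
        /bytes from/ && match($0, /icmp_seq=[0-9]+/) {
            if (substr($0, RSTART + 9, RLENGTH - 9) + 0 > halt + 0) after++
        }
        END { exit ((after + 0 >= need + 0) ? 0 : 1) }
    ' "$1"
}

# Write constructed sample inputs into directory $1.
make_samples() {
    cat > "$1/halt.bad" <<'EOF'
# constructed: turns forwarding off and takes the interface down
echo 0 > /proc/sys/net/ipv4/ip_forward
ifconfig eth0 down
halt
EOF
    cat > "$1/halt.ok" <<'EOF'
# constructed: no ifconfig eth0 down here
sync
halt
EOF
    cat > "$1/ping.log" <<'EOF'
64 bytes from 10.0.0.2: icmp_seq=1 ttl=63 time=1.2 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=63 time=1.1 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=63 time=1.3 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=63 time=1.2 ms
64 bytes from 10.0.0.2: icmp_seq=5 ttl=63 time=1.2 ms
EOF
}
```

A flagged line is a prompt to read that part of the script, not proof that the halted machine will stop forwarding; the ping test on a test machine remains the deciding check.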