yep, been doing it for years. the fun part is explaining to auditors why you are having to reboot the box when they ask you to show you it's config :-)
if you can get away with packet filtering and are willing to go without logs it sure eases concerns about vunerable services on the box (the only bug that can bite you is a kernel bug and they are _Very_ rare) David Lang On Fri, 8 Feb 2002, David Endler wrote: > Date: Fri, 8 Feb 2002 16:21:39 -0500 > From: David Endler <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: running a firewall in halted state > > Here's a link to a Sys Admin Magazine article about how to run a linux > firewall in halted state. pretty cool idea. > > http://www.samag.com/documents/s=1824/sam0201d/0201d.htm > <http://www.samag.com/documents/s=1824/sam0201d/0201d.htm> > > David Endler, CISSP > Director, iDEFENSE Labs > 14151 Newbrook Drive > Suite 100 > Chantilly, VA 20151 > voice: 703-344-2632 > fax: 703-961-1071 > > [EMAIL PROTECTED] > www.idefense.com > > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
