Just one question ... What's the advantage of having the Firewall/NAT rules written on CD-R media?
If an attacker can modify the rules, it's very probable that (s)he can stop the Firewall/NAT or even change the source of the rules.

Demetrio Carrión

> > Should the NAT and Firewall rules be written and maintained on CD-R media so
> > a malicious attacker cannot hide rule changes? Should the firewall be
> > re-initialized on a schedule to ensure the live rules are those from the
> > read-only media?
>
> That's not a bad idea... I have never tried it so I don't know what
> problems you may run into.
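The scheduled check raised in the quoted question, comparing live rules against a copy kept on read-only media, can be sketched as follows. This is an added example, not code from the thread; it assumes the rules are available as `iptables-save`-style text, and the names `normalize` and `drift` and all sample rules are hypothetical.

```python
import re

COUNTER = re.compile(r"\[\d+:\d+\]")  # packet/byte counters change constantly

def normalize(dump):
    """Map table name -> ordered rule lines, without comments or counters."""
    tables, current = {}, None
    for raw in dump.splitlines():
        line = " ".join(COUNTER.sub("", raw).split())
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):          # "*filter", "*nat", ...
            current = tables.setdefault(line[1:], [])
        elif current is not None:         # chain policy or "-A ..." rule
            current.append(line)
    return tables

def drift(baseline, live):
    """List differences between the read-only baseline and the live dump."""
    base, cur = normalize(baseline), normalize(live)
    findings = []
    for table in sorted(set(base) | set(cur)):
        b, c = base.get(table, []), cur.get(table, [])
        extra = [r for r in c if r not in b]
        gone = [r for r in b if r not in c]
        findings += [f"{table}: unexpected rule: {r}" for r in extra]
        findings += [f"{table}: missing rule: {r}" for r in gone]
        if not extra and not gone and b != c:
            # Rule order decides which rule matches first, so report it.
            findings.append(f"{table}: rule order or count changed")
    return findings

# Constructed sample data, not taken from the thread.
BASELINE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""
LIVE = BASELINE.replace("[0:0]", "[120:9000]").replace(
    "-A INPUT -p tcp", "-A INPUT -s 203.0.113.7/32 -j ACCEPT\n-A INPUT -p tcp")

if __name__ == "__main__":
    for finding in drift(BASELINE, LIVE) or ["live rules match baseline"]:
        print(finding)
```

A comparison like this only reports drift in the rule text; it is only as trustworthy as the host that runs it.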