“As systems administrators, it’s often funny how new
and interesting information ends up in our hands. Sometimes, it’s
through an intentional course of study; other times, it seems to
arrive by accident. That’s exactly how the concept of using a
halted Linux computer as a firewall occurred to me. I was at work,
perusing an internal corporate mailing list and saw a message about
something that was once present in Linux. The message referred to a
method for shutting down a Linux box while ipchains is still
running, and having the box continue to perform firewall tasks. My
first response was to stifle a laugh — a firewall that works
while in a halted state? I contacted the author (with a bit too
much sarcasm in my letter), and was sent a link to an old
discussion thread on the Firewalls list about a rumored feature in
the 2.0.x kernels. This feature allowed you to run shutdown -h
(halt) on the machine, and the firewall would remain active but
with no drives mounted and no processes running. That is, the
firewall would be in run level 0, but still be filtering packets.
However, the list mentioned that this no longer worked in the 2.2.x
series kernels.

I knew that I couldn’t leave it alone, however. I set out to
make a 2.2.x box perform a similar function, and I hoped that I
would be able to do it without having to patch the kernel in any
way. It turns out that I can.”
SysAdmin: Halted Firewalls (Running Linux Firewalls at Run Level 0)
By