Re: down to the core

To: debian-firewall@lists.debian.org
Subject: Re: down to the core
From: Harald Gröne <h.groene@gmx.net>
Date: Wed, 28 Jul 2004 09:54:30 +0200
Message-id: <[🔎] 200407280954.30647.h.groene@gmx.net>
In-reply-to: <[🔎] 20040728092801.3e88b6cd.arnt@c2i.net>
References: <[🔎] 1090621559.5213.3.camel@jmedina.calcom.com.mx> <[🔎] 87pt6gomh5.fsf@enki.rimspace.net> <[🔎] 20040728092801.3e88b6cd.arnt@c2i.net>

> ..this would requires the presence of the loadable module,
> or _could_ the attacker provide it?

You never now potential security holes. So it's a good idea to keep a firewall 
system as simple as possible: 

no modules, not initrd, no editor, no shell, just iptables and a firewall 
startup programm, period.

In a non perfect world you need isdn, pppoe, syslog too.

The whole system gets small enough to fit on a flash disk. 

Currently I'm searching for cheap hardware to build fanless firewall systems.

		Ciao'

			Harry

Reply to:

Follow-Ups:
- Re: down to the core
  - From: James LeClair <qwerty@eastlink.ca>

References:
- Re: down to the core
  - From: Jorge Armando Medina <jmedina@calcom.com.mx>
- Re: down to the core
  - From: Daniel Pittman <daniel@rimspace.net>
- Re: down to the core
  - From: Arnt Karlsen <arnt@c2i.net>

Prev by Date: Re: down to the core
Next by Date: Re: down to the core
Previous by thread: Re: down to the core
Next by thread: Re: down to the core
Index(es):
- Date
- Thread