Dealing with Halted Firewalls
Good article by Mike Murray…
As systems administrators, it’s often funny how new and interesting information ends up in our hands. Sometimes, it’s through an intentional course of study; other times, it seems to arrive by accident. That’s exactly how the concept of using a halted Linux computer as a firewall occurred to me. I was at work, perusing an internal corporate mailing list and saw a message about something that was once present in Linux.
This discovery seems interesting as an exercise, at the very least. It gives us a model for improved security in machines that are dedicated to a specific task. I am curious to see whether this type of experiment is possible in other free Unixes (especially OpenBSD, given kernel-space IPsec and PPPoE). And, while there is limited application for home use, it seems that this type of firewall could be used in small to mid-size business applications to provide extremely secure packet-filtering ability. Or, perhaps this could be used to create a very secure and very high-bandwidth firewall/router for larger business tasks.