[ale] My firewall
Joseph A Knapka
jknapka at earthlink.net
Sat Nov 3 10:40:19 EST 2001
Ken Nagorski wrote:
>
> I would like to point out that at some point my firewall remounted / as
> a ro filesystem. I think the disk is hosed, point being it is still
> working. I can ssh to it however I cannot ftp and some of the commands
> give me IO errors. I noticed this like almost two weeks ago
> and guess what it is still running and passing packets. How cool?
>
> Actually I have a question. Is this cause the stuff I need is loaded into
> memory?
Yes. Unless things have changed recently, it's actually possible
to halt the system after the firewall and route tables are
configured, and it will happily pass packets that way: IP
forwarding will work fine even if there are no processes running
on the system, since it's all interrupt-driven. (This was certainly
true with kernel 2.2 and ipchains.) Hard to hack a firewall that's
not running any userspace code whatsoever :-)
Cheers,
-- Joe
# "You know how many remote castles there are along the
# gorges? You can't MOVE for remote castles!" - Lu Tze re. Uberwald
# (Obsolete) Linux MM docs:
http://home.earthlink.net/~jknapka/linux-mm/vmoutline.html
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.