When iptables stop the machine is a plain router
From: Maurice Hoeneveld (m.hoeneveld_at_hro.nl)
Date: 09/29/04
- Next message: Nuno Paquete: "Squid can't open HTTP port."
- Previous message: Nuno Paquete: "Re: Squid problems (first time run)."
- Next in thread: Jose Maria Lopez Hernandez: "Re: When iptables stop the machine is a plain router"
- Reply: Jose Maria Lopez Hernandez: "Re: When iptables stop the machine is a plain router"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: 29 Sep 2004 14:26:12 -0700
I do use a RedHat 7 hardened machine with with 4 interfaces and
iptables on it as a firewall.
There are several internal networks defined in the routing table of
this machine.
No consider the following;
When I use start iptables the machine acts like a firewall and only
traffic that is allowed in the rules is send trough the firewall. The
rest is blocked ofcourse.
Now something weird happens (at least for a firewall)
When iptables stops working (manual, crashed or bufferoverflow by a
DoS attack) the machine is a plain router/bridge. So all traffic is
allowed based on the available routingtable in the machine.
When I see other firewall systems like Checkpoint for example you can
see that when the firewall processes are killed, the machine also
stops routing and is a kind of stealth environment like it should be
in case of an incident.
Anyone know how to solve this issue because I dont want that when
iptables is stopped my trusted environment is public available.
Thanks for your help and suggestions in advance.
Maurice Hoeneveld
mhoeneveld@zonnet.nl
- Next message: Nuno Paquete: "Squid can't open HTTP port."
- Previous message: Nuno Paquete: "Re: Squid problems (first time run)."
- Next in thread: Jose Maria Lopez Hernandez: "Re: When iptables stop the machine is a plain router"
- Reply: Jose Maria Lopez Hernandez: "Re: When iptables stop the machine is a plain router"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
