Possibility to lock iptables rules.
Jozsef Kadlecsik
kadlec at blackhole.kfki.hu
Thu Apr 21 15:53:54 CEST 2005
On Wed, 20 Apr 2005, Anders Peter Fugmann wrote:
> Well written, and your arguments are truly valid. I still see a
> practical usage though, as it will hold back the big mass of novice
> script kiddies. The lock bit would harden the system, but not make it
> unbreakable (there is no such thing as an unbreakable system, that is
> connected on the net.)
You can use any of the MAC systems of Linux and (when properly configured)
then even root won't be able to change the firewall/network settings of
your machine. Some of such systems in no particular order: SELinux, LIDS,
grsecurity, RSBAC.
Best regards,
Jozsef
-
E-mail : kadlec at blackhole.kfki.hu, kadlec at sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary
More information about the netfilter
mailing list