Possibility to lock iptables rules.

Jozsef Kadlecsik kadlec at blackhole.kfki.hu
Thu Apr 21 15:53:54 CEST 2005


On Wed, 20 Apr 2005, Anders Peter Fugmann wrote:

> Well written, and your arguments are truly valid. I still see a
> practical usage though, as it will hold back the big mass of novice
> script kiddies. The lock bit would harden the system, but not make it
> unbreakable (there is no such thing as an unbreakable system, that is
> connected on the net.)

You can use any of the MAC systems of Linux and (when properly configured)
then even root won't be able to change the firewall/network settings of
your machine. Some of such systems in no particular order: SELinux, LIDS,
grsecurity, RSBAC.

Best regards,
Jozsef
-
E-mail  : kadlec at blackhole.kfki.hu, kadlec at sunserv.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary



More information about the netfilter mailing list