[CentOS] Block network at logoff on workstation
Ross Walker
rswwalker at gmail.com
Thu Feb 4 14:19:46 UTC 2010
On Feb 3, 2010, at 9:36 PM, David McGuffey <davidmcguffey at verizon.net> wrote:
> I'm trying to reduce the attack surface to a home machine that is
> always on and connected to the Internet. It is running CentOS 5.4, with
> tight iptables rules and sits behind a Verizon FiOS firewall/switch also
> configured with tight rules.
>
> I was wondering how to best block all network access to it when I log
> off...then unblock it when I log on. Changing iptables requires root
> access...as does running ifdown and ifup scripts.
>
> I could change the permissions on ifdown and ifup and run them from
> the login/logout scripts, but I'd prefer not to do that.
>
> Any tips?
Set iptables to block all inbound traffic unless initiated from your
workstation.
It's the most secure, all the time.
-Ross
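
The policy suggested in the reply above, written out as an added example that is not part of the original thread: a stateful default-deny ruleset in `iptables-restore` format, plus a check that flags INPUT rules admitting traffic the host did not initiate. The function names `ruleset` and `audit_inbound` are hypothetical, and the loopback accept rule is an assumption added so local services keep working.

```shell
#!/bin/sh
# Added example (not from the thread); ruleset and audit_inbound are hypothetical names.

# Stateful default-deny: drop unsolicited inbound, allow replies to
# connections this host opened. The loopback accept is an added assumption.
ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read iptables-save output on stdin and report anything in INPUT that
# lets in traffic the host did not initiate. Exit status 0 means clean.
audit_inbound() {
  awk '
    /^:INPUT /  { policy = $2 }
    /^-A INPUT / && /-j ACCEPT/ {
      if ($0 ~ /-i lo( |$)/) next                            # loopback only
      if ($0 ~ /--(ct)?state / && $0 !~ /NEW|INVALID/) next  # replies only
      print "accepts unsolicited inbound: " $0; bad = 1
    }
    END {
      if (policy != "DROP") {
        print "INPUT policy is " (policy == "" ? "missing" : policy) ", expected DROP"
        bad = 1
      }
      exit bad + 0
    }'
}

# "apply" replaces the running filter table (needs root); "audit" checks it.
case "${1:-}" in
  apply) ruleset | iptables-restore ;;
  audit) iptables-save -t filter | audit_inbound ;;
esac
```

The audit inspects only rules attached directly to the INPUT chain and does not follow jumps into user-defined chains, so a ruleset that delegates to one needs that chain checked as well.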