[CentOS] Block network at logoff on workstation

Thu Feb 4 17:34:18 UTC 2010
Bowie Bailey <Bowie_Bailey at BUC.com>

David McGuffey wrote:
> I'm trying to reduce the attack surface to a home machine that is always
> on and connected to the Internet.  It is running CentOS 5.4, with tight
> iptables rules and sits behind a Verizon FiOS firewall/switch also
> configured with tight rules.
>
> I was wondering how to best block all network access to it when I log
> off...then unblock it when I log on. Changing iptables requires root
> access...as does running ifdown and ifup scripts.
>
> I could change the permissions on ifdown and ifup and run them from the
> login/logout scripts, but I'd prefer not to do that.
>
> Any tips?
>

$ shutdown -h now

If the machine is not doing anything, what is the point of leaving it on
in the first place?

-- 
Bowie