On Feb 3, 2010, at 9:36 PM, David McGuffey <davidmcguffey at verizon.net> wrote: > I'm trying to reduce the attack surface to a home machine that is > always > on and connected to the Internet. It is running CentOS 5.4, with > tight > iptables rules and sits behind a Verizon FiOS firewall/switch also > configured with tight rules. > > I was wondering how to best block all network access to it when I log > off...then unblock it when I log on. Changing iptables requires root > access...as does running ifdown and ifup scripts. > > I could change the permissions on ifdown and ifup and run them from > the > login/logout scripts, but I'd prefer not to do that. > > Any tips? Set iptables to block all inbound traffic unless initiated from your workstation. It's the most secure, all the time. -Ross