On Thu, 2010-02-04 at 09:19 -0500, Ross Walker wrote:
> On Feb 3, 2010, at 9:36 PM, David McGuffey <davidmcguffey at verizon.net>
> wrote:
>
> > I'm trying to reduce the attack surface to a home machine that is
> > always on and connected to the Internet. It is running CentOS 5.4, with
> > tight iptables rules and sits behind a Verizon FiOS firewall/switch also
> > configured with tight rules.
> >
> > I was wondering how to best block all network access to it when I log
> > off...then unblock it when I log on. Changing iptables requires root
> > access...as does running ifdown and ifup scripts.
> >
> > I could change the permissions on ifdown and ifup and run them from the
> > login/logout scripts, but I'd prefer not to do that.
> >
> > Any tips?
>
> Set iptables to block all inbound traffic unless initiated from your
> workstation.
>
> It's the most secure, all the time.
>
> -Ross

It is already set up that way...but I was thinking about taking the
interface down if no one is logged into the console (this is a
workstation used as a home computer and not supporting any network
servers).

I was thinking of a cron job that would run 'who' and if there were no
active logins, run 'ifdown eth0'.

DaveM
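DaveM's cron-job idea, written out as an added example (this is not code from the thread or from CentOS). The script name login-gate.sh, the IFACE variable, the --apply flag and the function names are this example's own choices; it uses `who`, `ip link` and the CentOS /sbin/ifup and /sbin/ifdown scripts, and keeps the decision logic in a function that does not need root so it can be checked on its own.

```sh
#!/bin/sh
# login-gate.sh: take an interface down when nobody is logged in and bring it
# back up once someone logs in at the console. Added example for the cron-job
# idea in the thread above; not code from the list. IFACE, the --apply flag
# and the function names are this example's own (assumed) choices.
#
# Install on CentOS as root, e.g. in /etc/cron.d/login-gate:
#   * * * * *  root  /usr/local/sbin/login-gate.sh --apply

IFACE="${IFACE:-eth0}"

# Count login sessions from `who` output read on stdin (one line per session).
# Prints 0 on empty input, so the arithmetic below never sees an empty string.
count_logins() {
    awk 'NF { n++ } END { print n + 0 }'
}

# Administrative state of an interface: "up", "down" or "missing".
# The UP flag from `ip link` reflects ifup/ifdown, not whether a cable is in.
iface_state() {
    _if="$1"
    if [ ! -e "/sys/class/net/$_if" ]; then
        echo missing
    elif ip link show "$_if" 2>/dev/null | grep -Eq '[<,]UP[,>]'; then
        echo up
    else
        echo down
    fi
}

# Pure decision: what to do for a given login count and interface state.
# Idempotent, so running it every minute from cron does not re-run ifdown.
decide() {
    _logins="$1"
    _state="$2"
    case "$_state" in
        up)
            if [ "$_logins" -eq 0 ]; then echo ifdown; else echo noop; fi ;;
        down)
            if [ "$_logins" -gt 0 ]; then echo ifup; else echo noop; fi ;;
        *)
            echo noop ;;
    esac
}

main() {
    _logins=$(who | count_logins)
    _state=$(iface_state "$IFACE")
    case "$(decide "$_logins" "$_state")" in
        ifdown)
            logger -t login-gate "no active logins, taking $IFACE down"
            /sbin/ifdown "$IFACE"
            ;;
        ifup)
            logger -t login-gate "$_logins active login(s), bringing $IFACE up"
            /sbin/ifup "$IFACE"
            ;;
    esac
}

# Act only when invoked with --apply (as from cron); otherwise the file just
# defines the functions, so the decision logic can be exercised without root.
if [ "${1:-}" = "--apply" ]; then
    main
fi
```

Two things to check before enabling it. `who` reads /var/run/utmp, so a session that never registers there (some display-manager logins do not) looks like "nobody logged in" and the job will drop the link while you are sitting at the machine; run `who` from your normal console session first and confirm it is listed. And once the interface is down, nothing unattended (yum updates, NTP) can reach out until the next login; cron itself keeps running locally, so the interface comes back within a minute of logging in.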