Re: [LINUX] IP_MASQ / Ethernet Passing Traffic After Halt

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Solar Designer: "Linux kernel patch to remove stack exec permission"
• Previous message: Sean B. Hamor: "[LINUX] IP_MASQ / Ethernet Passing Traffic After Halt"
• Maybe in reply to: Sean B. Hamor: "[LINUX] IP_MASQ / Ethernet Passing Traffic After Halt"
• Next in thread: Alan Cox: "Re: [LINUX] IP_MASQ / Ethernet Passing Traffic After Halt"

In article <Pine.LNX.3.96.970411235054.377A-100000@litterbox.org>,
Sean B. Hamor <hamors@LITTERBOX.ORG> wrote:
>  A problem exists in IP Masquerade under Linux which allows traffic to be
>  passed to external networks even after the gateway host has been halted.
>  As long as a connection has been established from an internal machine via
>  the IP Masquerade gateway to an external host and the Ethernet interfaces
>  inside the machine are still being supplied power, that connection will
>  stay online in a fully interactive state.

That might be true - the kernel as such keeps running if it is halted,
since a halt in Linux only means "kill all processes and then run an
idle loop". I don't believe the kernel keeps running during a warm reboot,
sorry...

Anyway, the latest halt and reboot of sysvinit (2.70) have a command line
switch "-i", which finds and shuts down all network interfaces. If you
get that one, and add a "-i" option to all calls to halt and reboot in
your init scripts, you're safe.

It might be better to fix this in the kernel..

Mike.

• Next message: Solar Designer: "Linux kernel patch to remove stack exec permission"
• Previous message: Sean B. Hamor: "[LINUX] IP_MASQ / Ethernet Passing Traffic After Halt"
• Maybe in reply to: Sean B. Hamor: "[LINUX] IP_MASQ / Ethernet Passing Traffic After Halt"
• Next in thread: Alan Cox: "Re: [LINUX] IP_MASQ / Ethernet Passing Traffic After Halt"