Re: [LINUX] IP_MASQ / Ethernet Passing Traffic After Halt

[miquels () CISTRON NL (Miquel van Smoorenburg)]

In article <Pine.LNX.3.96.970411235054.377A-100000 () litterbox org>,
Sean B. Hamor <hamors () LITTERBOX ORG> wrote:
>  A problem exists in IP Masquerade under Linux which allows traffic to be
>  passed to external networks even after the gateway host has been halted.
>  As long as a connection has been established from an internal machine via
>  the IP Masquerade gateway to an external host and the Ethernet interfaces
>  inside the machine are still being supplied power, that connection will
>  stay online in a fully interactive state.

That might be true - the kernel as such keeps running if it is halted,
since a halt in Linux only means "kill all processes and then run an
idle loop". I don't believe the kernel keeps running during a warm reboot,
sorry...

Anyway, the latest halt and reboot of sysvinit (2.70) have a command line
switch "-i", which finds and shuts down all network interfaces. If you
get that one, and add a "-i" option to all calls to halt and reboot in
your init scripts, you're safe.

It might be better to fix this in the kernel..

Mike.