> ..this would require the presence of the loadable module,
> or _could_ the attacker provide it?

You never know potential security holes. So it's a good idea to keep a firewall 
system as simple as possible: 

no modules, no initrd, no editor, no shell, just iptables and a firewall 
startup program, period.

In a non-perfect world you need ISDN, PPPoE, syslog too.

The whole system gets small enough to fit on a flash disk. 

Currently I'm searching for cheap hardware to build fanless firewall systems.

                Ciao'

                        Harry
 

