> Of course you have. Your firewall is compromised aka useless. The hacker can
> switch off all filter rules or add dynamic ones to hack the hosts behind the
> firewall, making the protection of the firewall void.
That's true, but it's possible to lose worse than that. For example, he can
do it untraceably. Or leave a trapdoor. I know one guy who had the hacker
install a whole new kernel on him.
> Since ext2fs supports append only and immutable (which is protected by
> securelvel) choosing an operating system needs to be decided by other
> (valid) differences.
Does it support the rest of the BSD securelevel stuff (for example, you can't
access raw devices at high levels of security even as root)?