I am not sure, but I think one of the big reasons that some people say to
stay away from loadable modules is that assuming someone breaks into your
system, they could reconfigure the modules, and add new ones or replace
existing ones without having to take the system down and rebuild the whole
kernel...
---Reply on mail from Henry Hollenberg about Linux firewall question.
>
> A debate has arisen regarding using loadable modules for a linux based
> firewall system and I'm trying to sort thru the issues involved.
>
> I thought I had read somewhere perhaps here that if at all possible
> loadable modules should be avoided on a firewall system....ie everything
> needed by the kernel and only what is needed should be compiled in.
>
> But now I've run into strong opinion that the kernel should use loadable
> modules.
>
> Am I off base to insist on _not_ using loadable modules.
>
> I'd be intrested in any experience anyone could share.
>
---End reply
--
Bret McDanel http://www.rehost.com
Realistic Technologies, Inc. 973-514-1144
These opinions are mine, and may not be the same as my employer
Follow-Ups:
References:
|
|
