Subject: Re: r/o filesystem restrictions for firewall?
To: Simon Burge <simonb@wasabisystems.com>
From: Andrew Brown <atatat@atatdot.net>
List: port-sparc
Date: 10/24/2000 10:21:14
>> > IMHO the configuration of such a machine should be done only from
>> > console. No telnet, ssh or whatever. If your machine gets broken into,
>> > the intruder could then remove ip filters.
>> 
>> I'd agree.
>
>If you're worried about that level of security, you could set up the
>kernel part of IP filter so that it only accepts the first load of
>rules.  Same for ifconfig, and so on.  The list goes on.  This is one
>of the reasons we like Open Source(TM) systems!

theoretical secure level three?  ie:

no mounting or unmounting of filesystems...
no loading of ipf or ipnat rules...
no interface or route changes...
no opening disk devices, either character or block...
no time changes at all... (hmm...ntpd...after all, we want good time)
no setuid() calls or suid effect on programs...

?

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."