John Kozubik <john@kozubik.com>


Network Slug


A Network Slug, or "Slug", is a transparent layer 2 firewall running on a device with only two interfaces.

The purpose of a Slug is to reinforce a security policy or to block unintentional leaks of information.

For instance: misconfigured VPN software on a client may inadvertently send some traffic outside the VPN.

In this scenario, a Slug that only allows traffic to the VPN endpoint makes such a misconfiguration much less dangerous.

A Slug has no IP address, cannot be reached on the network, and does not decrement the IP TTL.

A Slug has a simple ruleset that is enforced by default at startup time and should have no network services running.

Peers on the network would not notice this device, and attackers would find it difficult to subvert the rules that the Slug enforces.
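To make the VPN-endpoint policy concrete, here is an added, self-contained simulation of a Slug's forwarding decision (this is example code written for this page, not Kozubik's own implementation or a real bridge). It parses raw Ethernet/IPv4/UDP frames, permits only ARP and UDP to or from one VPN endpoint, and either copies an allowed frame to the other port byte-for-byte (so the TTL is untouched) or drops it. The endpoint address 203.0.113.10, port 1194, and the client and resolver addresses are constructed TEST-NET values, not anything from the page.

```python
"""Simulated Network Slug: a two-port layer 2 filter with no address of its own."""
import struct
from dataclasses import dataclass
from typing import Optional

# Constructed policy for the example: the client may only speak to one VPN
# endpoint (hypothetical TEST-NET-3 address and port), plus ARP so it can
# resolve its gateway. Everything else, including IPv6, is dropped.
VPN_ENDPOINT_IP = "203.0.113.10"
VPN_ENDPOINT_PORT = 1194
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
PROTO_UDP = 17
CLIENT_MAC = b"\x02\x00\x00\x00\x00\x01"   # locally administered, constructed
GATEWAY_MAC = b"\x02\x00\x00\x00\x00\x02"


@dataclass
class Verdict:
    allowed: bool
    reason: str


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_udp_frame(src_ip: str, dst_ip: str, sport: int, dport: int,
                    ttl: int = 64, payload: bytes = b"") -> bytes:
    """Build a minimal Ethernet/IPv4/UDP frame. Checksums are left zero;
    a layer 2 bridge does not validate or recompute them."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, ttl,
                     PROTO_UDP, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    eth = GATEWAY_MAC + CLIENT_MAC + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp


def build_arp_frame() -> bytes:
    """Broadcast ARP request; the policy only looks at the EtherType."""
    return b"\xff" * 6 + CLIENT_MAC + struct.pack("!H", ETHERTYPE_ARP) + b"\x00" * 28


def slug_filter(frame: bytes) -> Verdict:
    """Decide whether a frame crosses the Slug. Default is drop."""
    if len(frame) < 14:
        return Verdict(False, "runt frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETHERTYPE_ARP:
        return Verdict(True, "arp")
    if ethertype != ETHERTYPE_IPV4:
        return Verdict(False, f"ethertype 0x{ethertype:04x} not permitted")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return Verdict(False, "malformed ipv4 header")
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    if proto != PROTO_UDP or len(ip) < ihl + 8:
        return Verdict(False, f"ip protocol {proto} is not the tunnel transport")
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    if dst == VPN_ENDPOINT_IP and dport == VPN_ENDPOINT_PORT:
        return Verdict(True, "client -> vpn endpoint")
    if src == VPN_ENDPOINT_IP and sport == VPN_ENDPOINT_PORT:
        return Verdict(True, "vpn endpoint -> client")
    return Verdict(False, f"udp {src}:{sport} -> {dst}:{dport} is outside the tunnel")


def bridge_forward(frame: bytes) -> Optional[bytes]:
    """The Slug copies an allowed frame to its other port unchanged or drops it.
    It never rewrites, answers, or decrements TTL, so it leaves no trace."""
    return frame if slug_filter(frame).allowed else None


def demo() -> dict:
    """Run the leak scenario from the text: tunnel traffic passes, a DNS
    query that escaped the VPN (constructed resolver address) is dropped."""
    client, resolver = "192.0.2.20", "198.51.100.53"
    tunnel = build_udp_frame(client, VPN_ENDPOINT_IP, 51000, VPN_ENDPOINT_PORT, payload=b"vpn")
    leak = build_udp_frame(client, resolver, 51001, 53, payload=b"dns query")
    return {
        "arp": slug_filter(build_arp_frame()).allowed,
        "tunnel": slug_filter(tunnel).allowed,
        "leak": slug_filter(leak).allowed,
        "ttl_unchanged": bridge_forward(tunnel)[22] == tunnel[22],
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

A real Slug expresses the same policy as a bridge-family ruleset on an interface that is deliberately left without an address; the simulation only shows the decision logic and the invariant that a forwarded frame is bit-identical to the one received.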



Published 2016-01-30 / Last updated 2020-10-25