3.2. Starting and Stopping the Network Interface

Problem

You want to prevent all remote network connections, incoming and outgoing, on your network interfaces.

Solution

To shut down one network interface, say, eth0:

# ifconfig eth0 down

To bring up one network interface, say, eth0:

# ifconfig eth0 up

To shut down all networking:

# /etc/init.d/network stop

or:

# service network stop           Red Hat

To bring up all networking:

# /etc/init.d/network start

or:

# service network start           Red Hat

Discussion

Linux provides three levels of abstraction for enabling and disabling your network interfaces (short of unplugging the network cable):

/sbin/ifconfig

The lowest level, to enable/disable a single network interface. It has other functions as well for configuring an interface in various ways.

/sbin/ifup, /sbin/ifdown

This mid-level pair of scripts operates on a single network interface, bringing it up or down respectively, by invoking ifconfig with appropriate arguments. They also initialize DHCP and handle a few other details. These are rarely invoked directly by users.

/etc/init.d/network

A high-level script that operates on all network interfaces, not just one. It runs ifup or ifdown for each interface as needed, and also handles other details: adding routes, creating a lock file to indicate that networking is enabled, and much more. It even toggles the loopback interface, which might be more than you intended, if you just want to block outside traffic.
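The loopback caveat above, as an added example that is not from the book: a POSIX shell script that takes the low-level ifconfig route to bring down every interface except loopback, then confirms nothing else is still up. It assumes the kernel exposes interface flags in /sys/class/net/<iface>/flags; the function names, the SYSNET and IFCONFIG variables and the --apply switch are made up for this example.

```sh
#!/bin/sh
# Added example: block outside traffic but leave the loopback interface alone.
# SYSNET and IFCONFIG (names assumed for this example) can be overridden so
# the logic can be exercised against a constructed directory.
SYSNET=${SYSNET:-/sys/class/net}
IFCONFIG=${IFCONFIG:-/sbin/ifconfig}

IFF_UP=1          # 0x1 in <linux/if.h>: interface is administratively up
IFF_LOOPBACK=8    # 0x8 in <linux/if.h>: interface is a loopback device

# has_flag IFACE MASK: true if MASK is set in the interface's flag word.
has_flag() {
    flags=$(cat "$SYSNET/$1/flags") || return 1
    [ $(( $flags & $2 )) -ne 0 ]
}

# external_up: print each non-loopback interface that is still up.
external_up() {
    for path in "$SYSNET"/*; do
        [ -r "$path/flags" ] || continue
        iface=${path##*/}
        has_flag "$iface" "$IFF_LOOPBACK" && continue
        if has_flag "$iface" "$IFF_UP"; then echo "$iface"; fi
    done
}

# down_external: run "ifconfig IFACE down" on each one, then re-check.
# Returns non-zero if any non-loopback interface is still up afterwards.
down_external() {
    for iface in $(external_up); do
        "$IFCONFIG" "$iface" down || echo "failed: $iface" >&2
    done
    remaining=$(external_up)
    [ -z "$remaining" ]
}

# Only touch the live system when asked to (run as root).
if [ "${1:-}" = "--apply" ]; then
    down_external && echo "only loopback remains up"
fi
```

Run without arguments, the script only defines its functions; with --apply it needs root, like the ifconfig commands in the Solution.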

The scripts ifup, ifdown, and network are pretty ...
