Jon:
Get the terminology right. Runlevel 0 is known as single user mode and it is not in anyway halted. [...]
0 is halt. 1 is single-user. At least in LSB-ready systems.
Much cooler is to run the firewall without an IP address, but then you need console access too.