[ale] Firewall design
On Wed, 2005-06-01 at 07:56, Stuffed Crust wrote:
> On Tue, May 31, 2005 at 10:19:44PM -0400, Christopher Fowler wrote:
> > Whatever I do my plan is to create the firewall as a bridging firewall
> > with _no_ address.  The only access will be via serial console.  We'll
> > install a console management device at the remote site so I will have to
> > access it first remotely before I can connect to the console on the
> > firewall to config or make changes.
> 
> This limits its effectiveness somewhat, as you'll be forced to use 
> ebtables instead of iptables, which has a much smaller functionality 
> set.  This is because when bridging the IP traffic never actually hits 
> the interfaces, thus the standard INPUT/FORWARD/OUTPUT rules never 
> apply.  And NAT will certainly have to be handled by another machine; 
> one with actual IP addresses configured.
> 

You do not need many features.  In the header of the packet is source
and dest.  You simply have rules on that.  What other features would you
need?
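The reply above says a bridging firewall only needs rules on the source and destination found in the packet header. As an added illustration (not part of the original post, not ebtables itself), here is a small stateless IPv4 filter in Python: it parses the header, extracts source and destination, and applies an ordered rule list with first-match semantics and a default deny. The rule set, addresses and the `build_ipv4` helper that constructs the sample packets are all invented for this example.

```python
import ipaddress
import struct

# Constructed example rules: (action, source network, destination network).
# First match wins; anything not matched falls through to DEFAULT_ACTION.
RULES = [
    ("drop",   "10.0.5.0/24",     "0.0.0.0/0"),      # one internal subnet is cut off entirely
    ("accept", "10.0.0.0/8",      "192.168.1.10/32"), # the rest of 10/8 may reach the server
    ("accept", "192.168.1.10/32", "10.0.0.0/8"),      # replies: a stateless filter needs this explicitly
]
DEFAULT_ACTION = "drop"

# Pre-parse the networks once so matching is cheap per packet.
COMPILED_RULES = [
    (action, ipaddress.ip_network(src), ipaddress.ip_network(dst))
    for action, src, dst in RULES
]


def parse_ipv4_header(pkt: bytes):
    """Return (src, dst, protocol) from a raw IPv4 packet, validating the basics."""
    if len(pkt) < 20:
        raise ValueError("packet shorter than minimum IPv4 header")
    version = pkt[0] >> 4
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes (options included)
    if version != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    protocol = pkt[9]
    src = ipaddress.IPv4Address(pkt[12:16])
    dst = ipaddress.IPv4Address(pkt[16:20])
    return src, dst, protocol


def decide(pkt: bytes) -> str:
    """Apply the ordered rule list to one packet; unparseable packets are dropped."""
    try:
        src, dst, _ = parse_ipv4_header(pkt)
    except ValueError:
        return "drop"
    for action, src_net, dst_net in COMPILED_RULES:
        if src in src_net and dst in dst_net:
            return action
    return DEFAULT_ACTION


def _checksum(header: bytes) -> int:
    """Standard one's-complement checksum over the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, protocol: int = 6, payload: bytes = b"") -> bytes:
    """Construct a minimal 20-byte IPv4 packet (test input only, not real traffic)."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, protocol, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    header = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = _checksum(header)
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload


if __name__ == "__main__":
    # Constructed sample traffic run through the filter.
    samples = [
        ("10.0.1.7", "192.168.1.10"),   # allowed by rule 2
        ("10.0.5.7", "192.168.1.10"),   # blocked by rule 1 before rule 2 can match
        ("192.168.1.10", "10.0.1.7"),   # reply direction, allowed by rule 3
        ("172.16.0.1", "192.168.1.10"), # no rule matches, default drop
    ]
    for s, d in samples:
        print(f"{s} -> {d}: {decide(build_ipv4(s, d))}")
```

Two things this makes visible that the one-line description hides: rule order matters (the subnet-wide drop must sit before the broader accept), and because nothing tracks connection state, the return direction has to be permitted by its own rule, which is why stateless filters end up allowing more than a stateful one would for the same traffic.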