I'm out of touch with the state of the art in network security. If I have a web host that is 'unsafe' in the sense that the software on it can potentially be compromised, what is the safest way to make it available to the great unwashed? [Apart from changing the software on the box!] Obviously, it could be attacked and wiped etc so it is not the computer itself I am concerned about, but consequential damage to anything else. If it is put in a DMZ, it could potentially compromise other machines in the DMZ, so that is too risky. But it seems like a one-machine-DMZ ought to be OK, enforcing some rules like: (1) no outbound connections (2) only receive external traffic on port 80 (3) only receive internal traffic from host such-and-such via ssh. This could be set up on an opensuse machine with an extra NIC, but are there off-the-shelf boxes that do such tasks? Cheers, Dave -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org