Re: [suse-security] Firewall + server on one machine?
You seem to imply that firewall = ipchains + masquerading. The problem
with this approach is that you still forward packages from the hostile
net to the internal net. And vulnerable IP stacks on internal systems could
be attacked. If you build an application-level firewall (using squid,
socks, plug-gw et al.), then ipchains is an add-on for improved security,
but you can make the system pretty safe without it. But you would have to
turn off ip-forwarding, or have some rule in the forward chain of ipchains.
To harden a firewall and a server is quite similar ..
Rainer
Ragnar Beer
Hi
You can build rules for packet filtering with ipchains. That's okay on a stand-alone machine. A real firewall cannot save the same machine where it is installed.
I guess that's what I don't understand. If I can make separate rules for incoming and outgoing packets, isn't then the firewalling something like a virtual machine in between? What would be the advantage of having another (physical) machine if I have only one machine to protect?
--Ragnar
participants (1)
-
rhoerbe@netpromote.co.at
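The check Rainer describes (ip-forwarding off, or a forward chain that lets nothing through), as an added example that is not part of the original messages. The function names are hypothetical, and the two listings are constructed samples modelled on `ipchains -L forward -n` output.

```python
import re

# Forward-chain targets that let a packet cross from one interface to another.
PASSING_TARGETS = {"ACCEPT", "MASQ"}

# Constructed sample: masquerading gateway (packets are still forwarded).
MASQ_GATEWAY = """Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.1.0/24       0.0.0.0/0             n/a
"""

# Constructed sample: proxy-only host, forward chain denies everything.
PROXY_ONLY = """Chain forward (policy DENY):
target     prot opt     source                destination           ports
"""


def forward_chain_passes(listing):
    """Return (policy, passing_rules) parsed from a forward-chain listing."""
    policy, passing = None, []
    for line in listing.splitlines():
        header = re.match(r"Chain forward \(policy (\w+)", line)
        if header:
            policy = header.group(1)
            continue
        fields = line.split()
        if fields and fields[0] in PASSING_TARGETS:
            passing.append(line.strip())
    return policy, passing


def routes_packets(ip_forward_text, listing):
    """True if the host can still forward packets between its networks.

    ip_forward_text is the content of /proc/sys/net/ipv4/ip_forward.
    Rule order is ignored on purpose: any passing rule is flagged for review.
    """
    if ip_forward_text.strip() == "0":
        return False  # kernel forwarding off: only local proxies relay traffic
    policy, passing = forward_chain_passes(listing)
    if policy is None:
        return True  # nothing proves the chain is closed, so assume forwarding
    return policy in PASSING_TARGETS or bool(passing)


if __name__ == "__main__":
    print("masquerading gateway routes:", routes_packets("1\n", MASQ_GATEWAY))
    print("proxy-only host routes:", routes_packets("1\n", PROXY_ONLY))
```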