On 2017-03-18 22:19, jdd wrote:
Le 18/03/2017 à 21:18, Bjoern Voigt a écrit :
I know, that I can configure such a network setup in SuSEfirewall using three networks cards, each connected with one network. But no, I only use one network card.
is that simply useful? packets will go through every computer on the network and may be sniffed in promiscuous mode without susefirewall even knowing it.
Yes, IMO, if you want separation the firewall is not the tool. You need separate cables. Any machine connected to the cable can listen to things that are not for it if it wishes. As far as firewall is concerned, my policy is to close all, and open only those needed ports, if possible only from the IPs that need access. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" (Minas Tirith))