From: Marc Chamberlin via openSUSE Users <users@lists.opensuse.org> Date: Sat, 08 Jul 2023 20:52:25 -0000 Dave Howorth wrote:
Then your entire system is a waste of resources. Just use software to control access.
Hmmm, Dave I don't understand your response or how you can come to a conclusion that my entire system is a waste of resources! . . . All you have done is throw my question back at me, told me to wave my hand and use software magic to control access. His point is that you do not seem to have set up your DMZ in the conventional way [1]. By allowing hosts on your DMZ to access the internal network (IIUC), you've eliminated the advantange of having a DMZ in the first place -- if someone hacks their way through the server, they've gained access to both networks. So if you want to restrict privileges to external users, you could discriminate at the server level based on external vs. internal IP addresses, and simplify your hardware configuration by eliminating the extra network. And my apologies if I've misunderstood what you want to do; I've only been half following this thread. -- Bob Rogers http://www.rgrjr.com/ [1] https://en.wikipedia.org/wiki/DMZ_(computing)