On 2019-02-02 11:47 p.m., David T-G wrote:
> But that puts a "good" server on the same network as all of those IoT devices.
> Shouldn't we want the fridge and the thermostat and so on to not even be able to see a computer we want to protect?

Not a problem. The hardware routers I have all have a 'DMZ Host' address option. And that can be a router/gateway to a subnet.

A while back I ran a PC-based firewall: "IPCop". You could run as many 'subnets' or 'DMZ hosts' as you were willing to plug in additional Ethernet cards.

http://ipcop.sourceforge.net/

<quote src="https://www.techradar.com/news/best-free-linux-firewall">
IPCop was originally a fork of Smoothwall (which we’ll also cover later) and was in turn forked by the IPFire team as updates to IPCop are few and far between. The most recent version (2.1.9) was released in February 2015.

Installation is relatively straightforward, but there are some wildcard questions thrown into the mix. While these may puzzle the novice user, accepting the default options won't cause any issues unless you have a very specific network configuration. One of the main advantages of IPCop is that the installation image is very small (around 60MB) and can be copied onto a DVD or flash drive.

IPCop's web interface feels clunky, although our tests proved that this was merely psychological, because it was actually incredibly responsive. However, other than the 'real-time' graphs that Smoothwall provides, IPCop gives a lot more information about your LAN setup, and about the running of the firewall itself, including a list of the connections that are currently open.

The Firewall also provides a 'caching proxy', so that you can cache frequently accessed pages locally.

IPCop does a good job as a firewall, giving plenty of information about traffic on your network, and while it might not be the prettiest distro in the world, it does what it's designed to do.
</quote>

Why did I stop using it? A couple of reasons:

1. The integrated Thompson unit is slim
2. I really wasn't interested in watching all the information IPCop could supply

Perhaps with a small Pi-sized version I'd revise #1. I don't need 'pretty'.

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?