-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-05-11 02:27, James Knott wrote:
On 05/10/2015 06:05 PM, Carlos E. R. wrote:
What to do on machines with only one socket? It is connected to the internal network, yes, so it should be "internal". However, in that LAN there is one machine, a router, that connects to the outside. It is this machine that should run a good and reliable firewall to protect all the machines inside.
Does "internal" really apply to a single computer? There is only what's external to it, that is the rest of the lan and beyond that it has to be protected from.
Well, yes, I consider the interface on a lone computer as external. And when I consider one as "internal", I also set "protect from internal" on. It does complicates things a lot, of course. Every service I want, samba, nfs, printing... has to be explicitly allowed. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlVQAOoACgkQja8UbcUWM1w57gEAiv+XZYy7QQi8/tnYouf9VPsd GB0yaVpHfAZdRJwYfqkA/0Q2prQO9rUGp4OVvi1G+nobtS4ogJlIvrWsO+6r6FqP =7ouq -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org