Carlos E. R. wrote:
Yes, IMO, if you want separation the firewall is not the tool. You need separate cables. Any machine connected to the cable can listen to things that are not for it if it wishes.
As far as firewall is concerned, my policy is to close all, and open only those needed ports, if possible only from the IPs that need access. Yes, but this is not what I wanted to hear. ;-)
I do not search a perfect separation for my SOHO network. I search an easy solution which provides better security than the current solution, where SuSEfirewall has only one set of rules for trusted, untrusted and Internet hosts. So for instance an Android app which has hidden spyware capabilities should not query a list of my DLNA shared videos and send it to its master. (DLNA shared have usually no password/PIN.) This spyware is probably not powerful enough to fake the MAC address of the smartphone or to hack the router. Greetings, Björn -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org