Date: Fri, 11 Aug 2000 15:24:14 -0400
From: "Andrew C. Hornback" <hornback@wireco.net>
To: "'Andresen,Jason R.'" <jandrese@mitre.org>
Cc: <questions@freebsd.org>
Subject: Firewall Logic (was: RE: Firewalling for PPP Connections)
Message-ID: <004a01c003c9$bc275ce0$d4776bce@challenger>
In-Reply-To: <3992C145.345E5EBF@mitre.org>

> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of
> Andresen,Jason R.
> Sent: Thursday, August 10, 2000 10:51 AM
> To: hyghlander@mindspring.com
> Cc: questions@FreeBSD.ORG
> Subject: Re: Firewalling for PPP Connections
>
> hyghlander@mindspring.com wrote:
> >
> > Folks:
> >
> > I've never been the sharpest knife in the drawer, but I was a little
> > confused about the reference to a network card in
> > http://www.freebsd.org/tutorials/dialup-firewall/rules.html. For my
> > PPP interface, I'm going out via tun0 to a modem on a serial port. To
> > the best of my knowledge there's no network card in the machine.
>
> Um, if the machine has no network attached to it, why are you setting up
> the box to be a firewall? A firewall is supposed to sit between the
> internet and your internal network, but you appear to have no internal
> network, so the firewall seems kind of useless. Are you sure you don't
> just want to configure PPP and not bother with the firewall at all?

Umm, the problem here is the given idea of what a firewall does. There's
more than one definition for firewalls. Basically, they offer protection
to the machines on the "private" side, protecting them from the "public"
side.

Now, a firewall can be a machine, or it can be a program implementation.
Most often on here, we talk of a firewall machine, yet there are those who
do not have LANs yet want the protection offered by the implementation of
a firewall.

The difference in this respect would be how the firewall would forward
packets. In a firewall box/LAN setting, it would forward packets to other
machines on the network. In the single machine setting, it would only
allow applications/etc. to use packets that pass through the filter as
being "good".

Perhaps this user is wanting to set up a form of protection for their
dial-up PPP connection. It doesn't seem all that strange to me.

--- Andy