From owner-freebsd-questions Fri Feb 8 14:21:15 2002
Delivered-To: freebsd-questions@freebsd.org
Date: Fri, 8 Feb 2002 14:21:01 -0800 (PST)
Subject: Re: Working Firewall in halt mode??
From: "nate"

> I saw the following article today listed on Slashdot and found this
> interesting.
>
> http://www.samag.com/documents/s=1824/sam0201d/0201d.htm

i saw this too and couldn't help but think why that would have any advantage over a bridged firewall. with a bridged firewall you're running IP-less, so nothing can connect to it. and you get the benefits of a functional system (console to serial port? and/or disable keyboard login?).

i run 2 such systems now and am deploying a 3rd, all running 4-port NICs for network monitoring/firewalling. In my case i have a 5th network interface on my internal networks for management, but if security was THAT much of an issue i could shut the interface off. i just can't see a good use for such a firewall in runlevel 0.

nate