Date: Thu, 22 Nov 2001 20:55:30 +0100 (CET)
From: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
To: cjclark@alum.mit.edu
Cc: security@FreeBSD.ORG
Subject: Firewall design [was: Re: Best security topology for FreeBSD]
Message-ID: <Pine.BSF.4.21.0111222046180.636-100000@lhotse.zaraska.dhs.org>
In-Reply-To: <20011122031739.A226@gohan.cjclark.org>

On Thu, 22 Nov 2001, Crist J. Clark wrote:

<snip>
> It is sad to see this poor design,
>
>   Internet
>      |
>      |
>   Firewall--"DMZ"
>      |
>      |
>   Internal
>
> Used so very, very much these days (I think thanks to several firewall
> vendors pushing this as a standard design).
>
> A much better design, is
>
>   Internet
>      |
>      |
>   Firewall1
>      |
>      |
>     DMZ
>      |
>      |
>   Firewall2
>      |
>      |
>   Internal
>
> (This design is actually where the term "DMZ" comes from since it
> actually looks like one here.)

Could you please explain why the second design is better? I know it's
harder to properly construct the correct ruleset for the first topology,
but what are other problems?

Thanks in advance,

Krzysztof