Date: Thu, 8 Dec 2005 15:47:00 +0100 From: "Marcus Franke" <MFranke@evendi.de> To: <freebsd-pf@freebsd.org> Subject: AW: Firewall concepts Message-ID: <AE41C3C123D61B45B457F3037275842F1E08B0@DC-EX-001.evendi.local>
next in thread | raw e-mail | index | archive | help
> > Hello Marcus > A firewall on every pc will soon become a nightmare to manage as the > network grows. You could in theory put the pf rules on a read-only > remote filesystem..and have every client access to it, but thats if > you have time for such tricks... > > The internet gateway is the place to put your firewall - the one that > has the direct connection to the internet. And make sure no one can > unplug it from the network, or shut down the pf even temporarily. > I would admit to this, but I am the only person usign these boxes. One is my machine in the office the other one is at home. Concerning the manageability I would say, yes, you are right. One should invent a solution like the manageability of WinXP SP2 with the help of the ActiveDirectory in a windows server domain. One ruleset for all boxes. But, often you read that attacks against servers will be done from the inside network. Marcus
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AE41C3C123D61B45B457F3037275842F1E08B0>