Date: Fri, 09 Dec 2005 18:54:45 +0530
From: GobbleDeGeek <gobbledegeek@gmail.com>
To: freebsd-pf@freebsd.org
Subject: Re: freebsd-pf Digest, Vol 64, Issue 5
Message-ID: <4399859D.1030200@gmail.com>
In-Reply-To: <20051209120100.AE93816A427@hub.freebsd.org>
References: <20051209120100.AE93816A427@hub.freebsd.org>

I agree. One way out is to set up each machine with a default tight local policy that only allows access to the local "remote file system" (sic!) then read in the more liberal site-wide policy to replace the existing one... this will mean an nfs mount or a one-way rsync ... and a simple per machine ruleset blocking everything but the firewall policy server's nfs or rsync... any other ideas ??

Rgrds

>
> I would admit to this, but I am the only person using these boxes.
>
> One is my machine in the office the other one is at home.
>
> Concerning the manageability I would say, yes, you are right. One
> should invent a solution like the manageability of WinXP SP2 with
> the help of the ActiveDirectory in a windows server domain.
>
> One ruleset for all boxes.
>
> But, often you read that attacks against servers will be done from
> the inside network.
>
>
>
> Marcus
>
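
A sketch of the scheme proposed in this message, as an added example that is not from the thread: a tight per-machine ruleset that only permits rsync to the policy server, and a fetch step that syntax-checks the site-wide policy before it replaces the loaded rules. The server address, rsync path, file locations and function names are assumptions.

```shell
#!/bin/sh
# Added example. All names and values below are hypothetical placeholders;
# override them from the environment.
: "${POLICY_HOST:=192.0.2.10}"        # constructed address of the policy server
: "${POLICY_SRC:=pfpolicy/pf.conf}"   # assumed rsync module/path on that server
: "${SITE_CONF:=/etc/pf.site.conf}"   # local copy of the site-wide policy
: "${PFCTL:=pfctl}"
: "${RSYNC:=rsync}"

# Print the tight local ruleset: block everything except loopback and
# outbound rsync (TCP 873) to the policy server. Install it once with
#   bootstrap_rules > /etc/pf.conf
bootstrap_rules() {
    cat <<EOF
set skip on lo0
block all
pass out quick proto tcp to $POLICY_HOST port 873 flags S/SA keep state
EOF
}

# Fetch the site-wide policy, parse it without loading (pfctl -n), and only
# then replace the running ruleset. On any failure the rules that are
# already loaded stay in force.
# Returns: 0 loaded, 1 no temp file, 2 fetch failed, 3 policy rejected.
apply_site_policy() {
    tmp=$(mktemp "${SITE_CONF}.XXXXXX") || return 1
    if ! "$RSYNC" -q "rsync://$POLICY_HOST/$POLICY_SRC" "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    if ! "$PFCTL" -nf "$tmp"; then
        rm -f "$tmp"
        return 3
    fi
    mv "$tmp" "$SITE_CONF" && "$PFCTL" -f "$SITE_CONF"
}
```

Plain rsync gives no authentication of the policy server, so a spoofed server could hand out a permissive ruleset; fetching over rsync-over-ssh with a pinned host key, or verifying a signature on the file before the `pfctl -nf` step, closes that gap.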