[48231] in North American Network Operators' Group


Linux firewalling (Re: Routers vs. PC's for routing - was list

daemon@ATHENA.MIT.EDU (E.B. Dreger)
Sat May 25 02:55:47 2002

Date: Thu, 23 May 2002 22:24:16 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: "Steven J. Sobol" <sjsobol@JustThe.net>
Cc: Vinny Abello <vinny@tellurian.com>, nanog@merit.edu
In-Reply-To: <Pine.LNX.4.41.0205231758300.1721-100000@amethyst.nstc.com>
Errors-To: owner-nanog-outgoing@merit.edu


SJS> Date: Thu, 23 May 2002 18:01:03 -0400 (EDT)
SJS> From: Steven J. Sobol


SJS> The box I want to build is passing packets between the rest
SJS> of my network (and the public Internet) and one server that
SJS> will hold sensitive data.  It'll be a Linux box with the
SJS> TCP/IP stack running in bridged mode, with two ethernet
SJS> adapters installed. The box just needs to boot up and
SJS> run. It doesn't need to log anything.

Might I suggest { ipfw | ipf | pf } on *BSD?  Depending on the
flavor you choose, you'd have some or all of:

Stateful filtering... ISN proxying... firewall rules that can't
be changed without a reboot... diverting packets to userland for
custom munching...

Not to turn NANOG into a BSD evangelism list, but many people who
grok BSD and Linux seem to choose BSD.  Try it.


--
Eddy

Brotsman & Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@brics.com>, or you are likely to
be blocked.

