If your firewall has no daemons listening, how can it know when to pass a
packet?
You have to have some daemons running, but run only the ones you can check
and understand.
If there is no server behind your "firewall", why don't you just use a
packet screen (in an already used router?) and block everything except
packets that belong to outgoing sessions?
Firewalls are invented (amongst other things) to protect inside server
daemons, and as you don't have these there is no need to use a firewall.
Saves you a lot of money and headbreaking on configuring one!
Just my 2 cents,
Rens
tech @ cic.qc.ca   11/11/96 17:48
To: Firewalls @ GreatCircle.COM
cc: (bcc: Rens Schipper/NOTES4/NL)
Subject: Firewall & Masquerading
Hi,
I'll be setting up a firewall soon, and I have a few questions.
First of all, inside the firewall there will be no server, so there's no
reason for any incoming connection. But we don't want to limit anybody on
the inside (everybody is trusted).
In this case, can a Unix box with IP Masquerading which blocks IP
source routing be secure?
The firewall itself should be secure: no daemon listening to any
port....
Any comment?