AW: Firewall concepts
Marcus Franke
MFranke at evendi.de
Thu Dec 8 06:47:12 PST 2005
>
> Hello Marcus
> A firewall on every pc will soon become a nightmare to manage as the
> network grows. You could in theory put the pf rules on a read-only
> remote filesystem..and have every client access to it, but thats if
> you have time for such tricks...
>
> The internet gateway is the place to put your firewall - the one that
> has the direct connection to the internet. And make sure no one can
> unplug it from the network, or shut down the pf even temporarily.
>
I would admit to this, but I am the only person usign these boxes.
One is my machine in the office the other one is at home.
Concerning the manageability I would say, yes, you are right. One
should invent a solution like the manageability of WinXP SP2 with
the help of the ActiveDirectory in a windows server domain.
One ruleset for all boxes.
But, often you read that attacks against servers will be done from
the inside network.
Marcus
More information about the freebsd-pf
mailing list