freebsd-pf Digest, Vol 64, Issue 5
GobbleDeGeek
gobbledegeek at gmail.com
Fri Dec 9 05:25:25 PST 2005
I agree. One way out is to set up each machine with a default tight local
policy that only allows access to the local "remote file system" (sic!)
then read in the more liberal site-wide policy to replace the existing
one... this will mean an NFS mount or a one-way rsync ... and a simple
per-machine ruleset blocking everything but the firewall policy server's
NFS or rsync... any other ideas?
Rgrds
>
> I would admit to this, but I am the only person using these boxes.
>
> One is my machine in the office the other one is at home.
>
> Concerning the manageability I would say, yes, you are right. One
> should invent a solution like the manageability of WinXP SP2 with
> the help of the ActiveDirectory in a windows server domain.
>
> One ruleset for all boxes.
>
> But, often you read that attacks against servers will be done from
> the inside network.
>
>
>
> Marcus
>
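
One way to implement the fetch-then-replace step proposed in the reply above, as an added example that is not part of the original thread. The policy host, rsync module, file paths and variable names are assumptions; the candidate ruleset is parsed with `pfctl -nf` before it replaces anything, so a broken or empty download leaves the running ruleset in place.

```sh
#!/bin/sh
# Added example: load the site-wide pf ruleset only after it parses cleanly.
# Assumed bootstrap ruleset already loaded at boot (constructed, pf syntax):
#   block all
#   pass out quick proto tcp to $policy_host port 873 keep state   # rsync
# All hosts, paths and variable names below are hypothetical.
PFCTL="${PFCTL:-pfctl}"
POLICY_SRC="${POLICY_SRC:-policy.example.net::pf/site.conf}"
LIVE="${LIVE:-/etc/pf.site.conf}"

# One-way pull of the candidate ruleset from the policy server into $1.
fetch_policy() {
    rsync "$POLICY_SRC" "$1"
}

# Install candidate $1 as live ruleset file $2 and load it.
# Returns 1, leaving $2 and the running ruleset untouched, if the
# candidate is missing, empty, or rejected by the pf parser.
apply_policy() {
    candidate=$1
    live=$2
    [ -s "$candidate" ] || return 1
    "$PFCTL" -nf "$candidate" >/dev/null 2>&1 || return 1   # -n: parse, do not load
    { cp "$candidate" "$live.new" && mv "$live.new" "$live"; } || return 1
    "$PFCTL" -f "$live"
}

main() {
    tmp=$(mktemp /tmp/pf-site.XXXXXX) || return 1
    if fetch_policy "$tmp" && apply_policy "$tmp" "$LIVE"; then
        logger -t pf-policy "site-wide ruleset loaded"
    else
        # Whatever is loaded now (bootstrap or last good ruleset) stays active.
        logger -t pf-policy "site-wide ruleset rejected; running ruleset unchanged"
    fi
    rm -f "$tmp"
}

# Run only when invoked as "script run", so the functions can be sourced.
if [ "${1:-}" = "run" ]; then main; fi
```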