Darrick Hartman wrote:
> On Apr 27, 2009, at 5:07 PM, John Novack wrote:
>
>> May I assume this firewall module is not usable with boards that
>> only have a single Ethernet port?
>>
>>
>> John Novack
>
> Basically, yes 2+ interfaces are required.
Lonnie,
While not possible with the current Astlinux setup, it IS entirely
possible to run Arno's Firewall with only one interface. I do this all
the time to replace the stock iptables firewall on my Linux installs.
Even if a device is not providing routing functionality or acting as the
edge device in a network, it's still a sane security practice to have a
firewall in place.
Right now we have a test for intif prior to starting the firewall. It
could be argued that it may be desirable to have a firewall enabled at
all times.
Darrick
--
Darrick Hartman
DJH Solutions, LLC
http://www.djhsolutions.com
------------------------------------------------------------------------------
Well, I'd enthusiastically agree, since I'm running AstLinux with a single
Ethernet port and need to find a solution to block this attack, now underway.
For now, I'll just edit the stock iptables firewall. If it's feasible, it
seems this capability would be useful in a future revision.
Thanks for your help, all.
~ D
------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations
Conference from O'Reilly Media. Velocity features a full day of
expert-led, hands-on workshops and two days of sessions from industry
leaders in dedicated Performance & Operations tracks. Use code vel09scf
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
Donations to support AstLinux are graciously accepted via PayPal to
pay...@krisk.org.
