On 10/15/2011 10:20 PM, Bruce Dubbs wrote:
>
> Wow. That's a lot. I think I have one. I use a Linksys router with
> DD-WRT, but I don't try to access any inside systems from the outside.
>
> -- Bruce

Going way OT, but like I said, overly complex. I have 3 internal networks, one for clients, one for servers, and one for testing. I'm very explicit about what traffic goes where from each of the boxes in the server and testing VLANs. For instance, DNS alone accounts for 6 distinct rules in the v6 chain - that's UDP out for each of the server and testing VLANs, UDP in to each of the others from the client VLAN, and 2 TCP rules for zone transfers between testing and server VLANs (currently not utilized). It's pretty well locked down I think, but I'd like to have the ability to verify that myself at some point as I currently have only one IPv6 network at my disposal.

-- DJ Lucas
