On 2015-07-27, Quartz <qua...@sneakertech.com> wrote:

> Some years ago I remember reading that when using OpenBSD (or any OS,
> really) as a router+firewall it was considered inadvisable from a
> security standpoint to have the different networks all attached to a
> single network card with multiple ethernet ports. The thinking being
> that it was theoretically possible for an attacker to exploit bugs in
> the card's chip to short circuit the path and route packets directly
> across the card in a way pf can't control. It was also suggested that in
> addition to using different physical cards, the cards should really use
> different chipsets too, in case an unknown driver bug allows a short
> circuit.

Those are not realistic concerns.

-- 
Christian "naddy" Weisgerber na...@mips.inka.de