Hello pf,
Now that I have a VLAN capable switch (a 3Com SS2 3300) and the
Realtek NICs support it (a pleasant surprise), I've implemented my LAN
and DMZ on VLANs. So now I have a 4 NIC firewall but I'm actually using
only 2. So I thought: what if I do bridged transparent filtering on
two NICs and use the others through VLANs to have multiple DMZs?
For an ASCII art representation:
CableModem----RL0-[ bridge ]-RL1--[crossed patch]
                  [        ]                    |
                  [Firewall]RL2-----------------|
                  [        ]RL3-------[VLAN Switch]
Would it be worth doing (besides the "because I can")? Would it be any
more secure than simply filtering on RL0? Since I have DHCP I think it
might be a PITA to configure correctly. Besides, can the bridge filter
the non-IPv4/IPv6 packets (my understanding is that it can't)?
The nice point would be that I will have to make a pf.conf with almost
all the example techniques applied :-)
--
Best regards,
Alejandro Belluscio
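A pf.conf sketch for the topology in the diagram above, added here as an example and not part of the original message. It assumes OpenBSD 3.x pf syntax with dynamic interface addresses in parentheses, VLAN ids 10/20/30 tagged on rl3, and the constructed private address ranges shown in the macros.

```pf
# Interface names follow the diagram; VLAN ids and addresses are assumed
ext_br  = "rl0"       # bridge member towards the cable modem
int_br  = "rl1"       # bridge member, crossed over into rl2
ext_if  = "rl2"       # routed outside interface, address comes from the ISP's DHCP
lan_if  = "vlan10"    # LAN, tagged on rl3 (assumed VLAN id)
dmz1_if = "vlan20"    # first DMZ (assumed VLAN id)
dmz2_if = "vlan30"    # second DMZ (assumed VLAN id)
lan_net  = "192.168.1.0/24"    # constructed private ranges
dmz1_net = "192.168.20.0/24"
dmz2_net = "192.168.30.0/24"
dmz1_www = "192.168.20.10"     # constructed web server in DMZ 1

set skip on lo0
scrub in all

# Translation happens on the routed interface, never on the bridge members
nat on $ext_if from { $lan_net, $dmz1_net, $dmz2_net } to any -> ($ext_if)
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $dmz1_www port 80

block log all

# --- Transparent bridge rl0/rl1: filter on the outside member, pass the inside one ---
pass quick on $int_br all
# pf only sees IPv4/IPv6 here; ARP and other non-IP frames cross the bridge unfiltered
# (Ethernet-level rules would have to come from bridge(4) itself, not from pf)
# DHCP for rl2's lease: the OFFER/ACK comes back as a broadcast from port 67, so the
# state created by the outgoing DISCOVER never matches it; allow both directions
pass in  quick on $ext_br proto udp from any port 67 to any port 68
pass out quick on $ext_br proto udp from any port 68 to any port 67
pass out on $ext_br proto { tcp, udp, icmp } all keep state
# The bridge sees the packet before rdr rewrites it, so match rl2's current address
pass in on $ext_br proto tcp from any to ($ext_if) port 80 keep state

# --- Routed side: rl2 and the VLANs on rl3 ---
antispoof quick for { $lan_if, $dmz1_if, $dmz2_if }
pass out on $ext_if all keep state
pass in  on $ext_if proto udp from any port 67 to any port 68
pass in  on $ext_if proto tcp from any to $dmz1_www port 80 keep state
# LAN may reach anything; DMZ hosts may reach neither the LAN nor each other
pass in on $lan_if from $lan_net to any keep state
block in quick on { $dmz1_if, $dmz2_if } from any to { $lan_net, $dmz1_net, $dmz2_net }
pass in on $dmz1_if proto { tcp, udp } from $dmz1_net to any port { 53, 80, 443 } keep state
pass in on $dmz2_if proto { tcp, udp } from $dmz2_net to any port { 53, 80, 443 } keep state
```

The two explicit DHCP rules on each side are the part that a plain "keep state" ruleset misses, since the broadcast replies never match the state created by the request.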