On Oct 20, 2004, at 2:58 PM, Dylan Martin wrote:

That said, I use OpenBSD with PF for my firewall and I only use iptables
on servers that need to live outside my firewall for some weird reason. So
please don't hit me for giving iptables advice on the pf mailing list...

Maybe it's just me, but why would you need to have machines outside your firewall, yet still need to run iptables on them? If it has something to do with IP allocation, why not just add one more segment to the firewall and create a bridge? I'm not trying to suggest that you don't complement your security by running firewalls on the Linux hosts, but it would be in your best interests to take advantage of PF wherever possible (IMHO).


--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net


