Psyon wrote:
> 
> > I think this would be a very bad idea. The main reasons for making the
> > firewall a separate machine are:
> >
> > 1) Security. The firewall should absolutely not be compromisable. The
> > whole point of a firewall is to protect your vulnerable machines behind
> > it. If the firewall runs in a VM of any kind, then the host machine is
> > also on the Internet, and unprotected. Compromise of this machine would
> > allow the firewall to be bypassed completely (killall plex86).
> >
> 
> This is not entirely true.  [snip]

I think the point is, if you have a machine with unknown levels of
security (the host machine), how can you make it more secure by adding
more software? You really need to start closing off ports etc. rather
than adding a new layer of masquerading.

Or, maybe you could stick a sign on the host machine saying "This is
now a firewall, no hackers pls"

:-P

-Cam
-- 
=========================
=  Camilo Mesias        =
= ([EMAIL PROTECTED]) =
=========================
