Hi dude ... using the right Terms - DMZ is the zone between your Firewall and the Provider - DMZ = DeMilitarized Zone. 3Com has used the Term of DMZ back in time on one of their first routers with more than 2 Interface - and called it DMZ :) Wrong naming - but it stayed ... What you mean is most probably the Service Network.
It actually makes sense to set up a firewall as shorewall on systems inside the DMZ if: 1. They have another connection point to the internal systems. 2. You want to make it as hard as possible to hackers how got into one of your machines. >From a security point of view - I always have shorewall installed on all systems - even workstations. On servers though - as I exactly know which services are to be ran, I set the default policy to reject into all directions - and explicitely open all required ports for the correct working. Everything else is rejected/dropped - and notified to a remote- loging server or Serial-Interface printer (This one on the firewall only) to catch breaking/breakout attempts. Up to you to decide what to you want :) <quote who="mess-mate"> > Hi, > i wonder if there is any need to install shorewall on a machine > located in the dmz zone of shorewaal. ( 3 interfaces example) > > > mess-mate > -- > > You are a fluke of the universe; you have no right to be here. > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > -- ------------------------------------------------------------------------ | Joerg Mertin : [EMAIL PROTECTED] (Home)| | in Forchheim/Germany : [EMAIL PROTECTED] (Alt1)| | Stardust's LiNUX System : | | Web: http://www.solsys.org | ------------------------------------------------------------------------ PGP Fingerprint: AF0F FB75 997B 025F 4538 5AD6 9888 5D97 170B 8B7A ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
