On 27/12/18 00:25, Lloyd Zusman wrote: > [...] > I'm running on the ancient CentOS-4.8, > [...] > Thank you for any pointers or suggestions.
When I'm asked to protect "stone-age" systems, I generally do my best in
*avoiding* touching them at all. I prefer to "sandboxing" them, inside a
virtual-machine (or, if possible, a "container"), and then add a dedicated
firewall in front of them (via an additional, dedicated VM). Considering
that Shorewall is perfectly able to work in "bridged" mode, such a firewall
can be fully transparent from a network point of view. So, while slightly
increasing the complexity of the overall setup (due to the additional
firewall VM), you gain the very important advantage to protect your
"legacy" system with a current shorewall version AND without any change in
related "legacy" system.
My 0,02€
Bye,
DV
P.S.:
> I'm running on the ancient CentOS-4.8, and there is no feasible way to
> upgrade this system in the forseeable future.
Sorry, but it looks like your real problems are much worse than installing
shorewall... :-(
--
Damiano Verzulli
e-mail: dami...@verzulli.it
---
possible?ok:while(!possible){open_mindedness++}
---
"Technical people tend to fall into two categories: Specialists and
Generalists. The Specialist learns more and more about a narrower and
narrower field, until he eventually, in the limit, knows everything about
nothing. The Generalist learns less and less about a wider and wider field,
until eventually he knows nothing about everything." - William Stucke - AfrISPA
http://elists.isoc.org/mailman/private/pubsoft/2007-December/001935.html
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
