I agree. One way out is to set up each machine with a default tight local
policy that only allows access to the local "remote file system" (sic!)
then read in the more liberal site-wide policy to replace the existing
one... this will mean an NFS mount or a one-way rsync ... and a simple
per-machine ruleset blocking everything
but the firewall policy server's NFS or rsync... any other ideas ??
Rgrds
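
The bootstrap ruleset suggested in the message above, sketched as a pf.conf for the rsync variant (an added example, not part of the original thread). The interface name, the policy server address and the file path in the comments are constructed placeholders, and the host is assumed to have a static address so no DHCP or DNS rules are needed.

```conf
# /etc/pf.conf -- tight per-machine bootstrap policy (added example)
# Assumed values, not from the thread:
ext_if     = "em0"          # external interface (placeholder)
policy_srv = "192.0.2.10"   # site policy server (documentation address)

# Loopback traffic is not filtered.
set skip on lo0

# Default deny in both directions, logged so that blocked traffic
# during the bootstrap window is visible on pflog0.
block log all

# The only exception: this host may pull the site-wide ruleset from
# the policy server over rsync (TCP 873). Nothing inbound is allowed,
# which keeps the transfer one-way.
pass out quick on $ext_if proto tcp from ($ext_if) to $policy_srv \
    port 873 flags S/SA keep state

# After the pull, the site-wide file replaces this ruleset only if it
# parses cleanly. With the assumed path /etc/pf.site.conf:
#   pfctl -nf /etc/pf.site.conf    (parse only, nothing is loaded)
#   pfctl -f  /etc/pf.site.conf    (load, replacing the bootstrap rules)
# If the pull or the parse fails, the host stays on this tight policy.
```

An NFS mount in place of rsync would need its own pass rules for the NFS service ports, which this example leaves out.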
I would admit to this, but I am the only person using these boxes.
One is my machine in the office the other one is at home.
Concerning the manageability I would say, yes, you are right. One
should invent a solution like the manageability of WinXP SP2 with
the help of the ActiveDirectory in a Windows server domain.
One ruleset for all boxes.
But, often you read that attacks against servers will be done from
the inside network.
Marcus