Hi all,

I am creating a bridging firewall with OpenBSD and the following hardware: https://www.amazon.nl/dp/B0B6J89MXJ?ref=ppx_pop_dt_b_asin_image&th=1. OpenBSD is already installed. I want to use ETH1 for the input from my ADSL modem, ETH2 and ETH3 for the output to my network. Furthermore, I would like to use ETH4 for the update/upgrade of the firewall. Remove the connection from ETH1, plug it into ETH4, and update/upgrade. Then the connection returns to ETH1. ETH4 therefore receives an IP address, and ETH1, ETH2 and ETH3 do not. But now the problem: as long as the network connection of the ADSL modem is in ETH4, my network, including the firewall, is no longer secured, and attackers can take advantage. I therefore wonder whether it is possible to let the data flow via ETH1 and ETH4 first pass through PF before an update/upgrade is done via ETH4. This means that the bridging firewall will have two entrances, one without and one with an IP address. I would like to know if that is possible, or if there is another option.
