On Fri, Nov 09, 2007 at 07:22:51PM -0800, Tom Eastep wrote:
> d) Those servers that for some reason you choose to put in your 'loc'
> zone rather than in the 'dmz' zone. My personal belief is that there
> is no valid reason for this class of server to exist at all and very
> valid reasons to think that they should not exist at all. But from
> your post, it seems that you may have them. See Shorewall FAQ 2 for a
> discussion of why I think that such servers are a very bad idea.

For the sake of completeness - this can be a valid configuration when you have multiple firewalls (or filtering routers, if you can afford such beasts), so from the perspective of the firewall on the internet border they're all in one zone, but something else in the network is segregating them from each other. Such configurations are going to be rare. I have only one of them, at our largest site (~70-100 hosts over two buildings).

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
