On 9/5/10 12:00 PM, Mr Dash Four wrote:
>
>>
>> So this isn't really a firewall -- it's a host that happens to run
>> Shorewall. That is not a use case that I target with Shorewall, although
>> Shorewall can be used there.
>>
> It won't make a big difference whether this rogue code executes on a
> single host 'that happens to run Shorewall' or if it resides on a
> firewall with 3+ different interfaces, controlling 3+ different networks
> - that traffic (initiated from the rogue code) still originates from
> that machine and is destined to the outside world.

If there are no applications running on the firewall, then the fw->net ruleset can be very restricted; no outgoing blacklist is necessary.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
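
A restricted fw->net ruleset of the kind the reply above describes, as an added example that is not part of the original message or of Shorewall's shipped configuration. The zone name "net" follows the thread; the services the firewall host is allowed to reach (DNS and NTP) and the log level are assumptions.

```conf
# /etc/shorewall/policy  (constructed example)
# Traffic originated by the firewall host itself is refused and logged
# unless a line in the rules file explicitly allows it.
#SOURCE  DEST  POLICY  LOG LEVEL
$FW      net   REJECT  info
net      all   DROP    info
# The catch-all policy must stay last.
all      all   REJECT  info

# /etc/shorewall/rules  (constructed example)
# Assumption: with no applications on the firewall, the host itself
# only needs name resolution and time synchronisation.
#ACTION  SOURCE  DEST  PROTO  DEST PORT(S)
ACCEPT   $FW     net   udp    53
ACCEPT   $FW     net   tcp    53
ACCEPT   $FW     net   udp    123
```

With this policy, any connection the firewall host originates that is not listed in the rules file is rejected and logged at the info level, so unexpected outbound attempts appear in the log.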
