AW: Firewall concepts

Marcus Franke MFranke at evendi.de
Thu Dec 8 06:47:12 PST 2005


> 
> Hello Marcus
> A firewall on every pc will soon become a nightmare to manage as the
> network grows. You could in theory put the pf rules on a read-only
> remote filesystem... and have every client access it, but that's if
> you have time for such tricks...
> 
> The internet gateway is the place to put your firewall - the one that
> has the direct connection to the internet. And make sure no one can
> unplug it from the network, or shut down the pf even temporarily.
> 

I would admit to this, but I am the only person using these boxes.

One is my machine in the office, the other one is at home.

Concerning the manageability I would say, yes, you are right. One
should invent a solution like the manageability of WinXP SP2 with
the help of Active Directory in a Windows server domain.

One ruleset for all boxes.

But, often you read that attacks against servers will be done from
the inside network. 



Marcus


More information about the freebsd-pf mailing list