Re: which outgoing device

To: Willi Dyck <wdyck@gmx.net>
Cc: debian-firewall@lists.debian.org
Subject: Re: which outgoing device
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Thu, 6 Jun 2002 21:17:31 +0200
Message-id: <[🔎] 20020606191731.GA13197@lina.inka.de>
In-reply-to: <[🔎] 20020606190827.GE427@tekilla.homeip.net>
References: <[🔎] 20020603071802.69eaf22e.oliver@epper.de> <[🔎] 20020603075330.GA3362@lina.inka.de> <[🔎] 20020606190827.GE427@tekilla.homeip.net>

On Thu, Jun 06, 2002 at 09:08:27PM +0200, Willi Dyck wrote:
> > Your actual content is sent over the ppp device, this is where your utgoing
> > ruels are concerned. But you also need to block all data from/to eth1
> > besides the pppoe packets.
> 
> Disagree. If you block packets on ppp0 they won't even reach eth1.

Yes, but packages on the Shared Media do reach your firewall via eth1, and
your firewall yould leak ip packets via eth1. Thats why it makes sence to
block all packets on eth1. You can alos remove the ip address from that
interface, but personally i would not trust the kernel to actually ignore
packets in all situations.

Greetings
Bernd

-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- which outgoing device
  - From: Oliver Epper <oliver@epper.de>
- Re: which outgoing device
  - From: Bernd Eckenfels <lists@lina.inka.de>
- Re: which outgoing device
  - From: Willi Dyck <wdyck@gmx.net>

Prev by Date: Re: which outgoing device
Next by Date: ROUTEUR ET IDENTD
Previous by thread: Re: which outgoing device
Next by thread: ipchains / help
Index(es):
- Date
- Thread