Re: iptables-save/restore with dynamic IP
On Thu, 21 Oct 2004 16:15:49 +0200 martin f krafft <firstname.lastname@example.org>
> also sprach email@example.com <firstname.lastname@example.org> [2004.10.21.1549
> +0200]:> The only time I've seen this done has been with PPPoE; the
> gateway> talked PPPoE with the remote end, and communicated with the
> LAN> via the same NIC. Not that secure, but got the network running.
> Sounds horrible.
While it's the same physical interface, they are logically disjunct:
internet is at ppp0 while LAN is at eth0. As long as you just filter
against ppp0 it should be comparatively safe (safer than directly
connected Win* machines, that is).
You're not safe at all against attacks (or misconfigurations) from the
inside with this technique, though...
I usually prefer physical separations of green/yellow/red networks, too,
so this setup should only be used as emergency measure...