Re: iptables-save/restore with dynamic IP
Greetings!
On Thu, 21 Oct 2004 16:15:49 +0200 martin f krafft <madduck@debian.org> wrote:
> also sprach simon@farnz.org.uk <simon@farnz.org.uk> [2004.10.21.1549 +0200]:
> > The only time I've seen this done has been with PPPoE; the gateway
> > talked PPPoE with the remote end, and communicated with the LAN
> > via the same NIC. Not that secure, but got the network running.
>
> Sounds horrible.

While it's the same physical interface, they are logically disjunct:
internet is at ppp0 while LAN is at eth0. As long as you just filter
against ppp0 it should be comparatively safe (safer than directly
connected Win* machines, that is).

You're not safe at all against attacks (or misconfigurations) from the
inside with this technique, though...

I usually prefer physical separation of green/yellow/red networks, too,
so this setup should only be used as an emergency measure...

Bye
Volker Tanger
ITK Security
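
Added example, not part of the original message: a ruleset in iptables-save format that filters against ppp0 as described above, matching on interface names only so that iptables-restore can load it unchanged whatever address the PPPoE link is assigned. The interface names ppp0 and eth0 come from the message; the policies (default DROP, LAN fully trusted, masquerading for LAN clients) are assumptions.

```iptables
# Constructed example ruleset; load with: iptables-restore < this-file
# No rule names an IP address, so a new dynamic address on ppp0
# does not require the saved rules to be regenerated.
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback is always allowed.
-A INPUT -i lo -j ACCEPT
# Assumption: everything arriving on eth0 is treated as LAN traffic.
# Plain IP frames reaching the shared NIC are seen as eth0, not ppp0,
# so this rule is where the "not safe from the inside" caveat applies.
-A INPUT -i eth0 -j ACCEPT
# Internet side: only replies to connections the gateway itself opened.
-A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN clients may open connections to the internet.
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
# Internet side: only replies to connections opened from the LAN.
-A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# MASQUERADE uses whatever address ppp0 currently has, unlike SNAT,
# which would pin a fixed address into the saved rules.
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
```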