Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: routing by interface on Solaris

From: Lance Spitzner <lance () spitzner net>
Date: Thu, 28 Dec 2000 21:05:24 -0600 (CST)
On Thu, 28 Dec 2000, Neil Buckley wrote:


I guess I view the ability to stop packets destined for my management
network a function of an upstream device closer to my hostile connections.
Performing it at the interface of the firewall may be a nice added defense,
but suggests that you have a single device performing many functions.

Sorry if I missed the hidden wisdom in Lance's first message, maybe he could
elaborate.


Dooh!

Didn't mean to cause this mis-communication.  My intent was to raise awareness
of a rather cool feature in Solaris8.  This feature (routing by interface) could 
be applied to the security of managing firewalls.  Specifically, by disabling 
routing on the management interface, this could be an additional layer in the 
protection of the management network.

Nothing earth shattering here, just a usefull feature that I thought could
help.  

lance


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: