[Gllug] Linux Firewall
Anthony Newman
anthony.newman at uk.clara.net
Wed Jul 20 09:15:46 UTC 2005
Simon Morris wrote:
> A stateful firewall is going to be essential to prevent unwanted or
> dangerous connections to services that you don't want to offer to the
> internet, e.g. SSH
>
Presumably you mean "stateful" in a different sense to "connection
tracking" as is usually implied? Blocking unwanted inbound connections
is simply rule-based packet filtering, with statefulness allowing e.g.
internet-bound NAT to forward returning packets correctly for multiple
addresses within a firewalled network from fewer external addresses
(masquerading, in a word :-) ).

The original question does not state the purpose of the internal
network; is it just a (bunch of) servers or will there be a requirement
for other machines not providing external services requiring firewalled
internet access?

Personally I'd have thought that a proxy server of whatever description
would be a waste of effort/electricity unless you expect so much traffic
that your webserver(s) will be unable to cope with just serving up the
content asked of it(them) directly, and that a basic firewall will do
what you need; just my £0.02 though ;-)

What sort of traffic and connection are we talking?

Anthony
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
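
Added example, not part of the original post: a small Python model of the distinction drawn in the message above, with a stateless rule that blocks unwanted inbound connection attempts from the packet alone, next to a masquerading table that has to remember outbound connections to forward the returning packets. All names (`Packet`, `stateless_inbound_filter`, `Masquerade`) are hypothetical and the addresses are constructed from documentation ranges.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for a TCP connection attempt (SYN without ACK)

def stateless_inbound_filter(pkt, allowed_ports=frozenset({80})):
    """Rule-based filtering: the verdict depends only on this one packet."""
    if pkt.syn:
        # New inbound connections are accepted only to published services.
        return pkt.dport in allowed_ports
    return True  # non-SYN packets pass; no per-connection memory is kept

class Masquerade:
    """Connection tracking for many internal hosts behind one external IP."""

    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out = {}   # (int_ip, int_port, dst, dport) -> external port
        self.back = {}  # (external port, remote ip, remote port) -> (int_ip, int_port)

    def outbound(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out:
            # First packet of a connection: allocate a port and remember it.
            self.out[key] = self.next_port
            self.back[(self.next_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return Packet(self.external_ip, self.out[key], pkt.dst, pkt.dport, pkt.syn)

    def inbound(self, pkt):
        entry = self.back.get((pkt.dport, pkt.src, pkt.sport))
        if entry is None:
            return None  # no tracked connection, so nowhere to forward it
        return Packet(pkt.src, pkt.sport, entry[0], entry[1], pkt.syn)
```

Two internal hosts using the same source port get distinct external ports, and only the tracked state lets each reply reach the right host; the SSH block needs no state at all.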