[Gllug] IPv6 and firewalls
Chris Bell
chrisbell at 3966.ukfsn.org
Tue Aug 11 11:57:55 UTC 2009
On Tue 11 Aug, Bruce Richardson wrote:
> On Tue, Aug 11, 2009 at 10:01:45AM +0000, Chris wrote:
>
> >
> > I was also considering bridge control, where a box silently passes
> > selected packets between connections without itself being generally
> > accessible or even visible except via specified route(s).
>
> This is my preferred approach to firewalling. It used to require a lot
> of patching and building of custom utilities but everything you need is
> in the default kernels for most distributions these days.
>
I assume that it would not be possible to install a pair of boxes for
fail-safe operation because they would send streams of duplicate packets,
even when set for established links only.
--
Chris Bell NEW address: chrisbell at chrisbell.org.uk
Microsoft sells you Windows ... Linux gives you the whole house.
www.chrisbell.org.uk (was www.overview.demon.co.uk)
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list