Re: pf blocking nfs
From: Chuck Swiger (cswiger_at_mac.com)
Date: 11/30/05
- Previous message: Kris Kennaway: "Re: Many same errors on build App from stable ports"
- In reply to: Aaron P. Martinez: "Re: pf blocking nfs"
Date: Tue, 29 Nov 2005 22:33:41 -0500
To: "Aaron P. Martinez" <ml@proficuous.com>
Aaron P. Martinez wrote:
[ ... ]
> Actually my network looks like this:
>
> INT---firewall------internal router/firewall---------good lan
>          |                    |
>          |                    |---------insecure lan (windoze machines)
>          |
>          |----DMZ
>
> the good lan is the only one that does nfs, so the nfs doesn't actually
> pass through the firewall, just connects to the internal router/firewall.
> I am simply trying to avoid a worst case scenario (internal router gets
> compromised) so trying to allow ONLY return packets. Is this unfeasible?
I take it that your internal firewall box has three NICs, then?
Normally, your firewall should not be doing anything else but security
and would not be mounting NFS or depending on any other services on your
network. If that is not possible, you should permit traffic through the
interface on the "good LAN".
-- 
-Chuck