SunScreen 3.2 Queries
From: Crist Clark (crist.clark_at_globalstar.com)
Date: 02/18/05
- Previous message: Bill R. Williams: "[SUMMARY] Sunfire v880 reboot"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 18 Feb 2005 12:59:17 -0800 To: Sun Managers <sunmanagers@sunmanagers.org>
I am awash in documentation for SunScreen that all wants to address much
more complicated situations than I have. What I have is a multi-homed
host which I want to protect. This host is NOT a router. I want to put
severe ingress and egress filters on one of its interfaces. I want no
restrictions on other interfaces. I would like to do all administration
at the CLI and kill off the near-useless GUI. I am running Solaris 9
(sparc) with SunScreen 3.2.
So my questions are:
I cannot see where in rules I can apply them to only specific
interfaces. How do I do this? Can I do this?
Without the ability to set rules per-interface, the anti-spoofing
abilities of the firewall become essential, but I can find little
documentation on what anti-spoofing does or does not do and how
it works in the SunScreen 3.2 documentation. How does it work?
Will SunScreen function properly if I kill off the Apache server
and Java processes it starts up? What's the "correct" way to
stop them from starting?
Before someone says "IPFilter," yes, I know, it would be trivial to do
this in IPFilter. But management wants a Sun-supported product blah-blah
(I know IPFilter is in 10, but I don't think its supported in 9. I would
love to be corrected on that.)
-- Crist J. Clark crist.clark@globalstar.com Globalstar Communications (408) 933-4387 _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
- Previous message: Bill R. Williams: "[SUMMARY] Sunfire v880 reboot"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
