[TriLUG] Ideas about centralized management iptables via SNMP traps
Benjamin Reed
ranger at befunk.com
Tue Mar 19 15:58:00 EST 2002
Chris Hedemark [chris at yonderway.com] wrote:
> No thanks. Sounds too easily exploitable. The firewall box should be very
> paranoid about using external data sources to decide on whether to permit
> or deny traffic.
>
> BTW - How many firewalls do you need anyway? One firewall box can handle
> quite a few fast ethernet connections, and T1's are a piece of cake. I'm
> trying to understand your problem better and I'm wondering if the site
> really is so large to need so many firewalls or will just one really well
> configured firewall fit the bill?
Not only that... but the *last* thing you want to use for configuration of
a secure firewall is a configuration channel going over the most insecure
wide-open protocol known to man. =)
I would think that if anything, you'd be better off doing some kind of
openssh tunneled thing.
--
Benjamin Reed a.k.a. Ranger Rick (ranger at befunk.com) http://ranger.befunk.com/
Only Alex Chiu has the solution to a unified world, unless you can think of
a better one. -- Alex Chiu, Immortality Inventor