The Daily Static
  The Daily Static
UF Archives
Register
UF Membership
Ad Free Site
Postcards
Community
Geekfinder
UFie Gear
Advertise on UF
Forum Rules
& FAQ

Username

Password


Create a New Account

  
 

Back to UserFriendly Strip Comments Index
Needed: Consumer router with outgoing packetfilter by Qcumber-some2007-07-29 07:22:54
  ...I've never seen a PNB with outgoing filter. by themadkansan2007-07-29 07:32:23
    Any, except Ports 20,21,80,3128 TCP? by Qcumber-some2007-07-29 08:03:50
      Considered using a Linux box? by werehatrack2007-07-29 08:44:50
        Aye. 2 NICs (or 2 VLANs) + Linux (or *BSD) = good. by bwkaz 2007-07-29 09:02:59

You can even block everything except certain ports (aka whitelist ports, aka enumerate goodness), as opposed to allowing everything and blocking certain ports (aka blacklisting ports, aka enumerating badness). There's *always* more badness than goodness, and the growth of badness is accelerating. Enumerating badness is a losing game.

(Not that I think Qcumber-some was planning on doing that, but you never know...)

See also the rest of the 6 dumbest ideas in computer security". Not that much of that is inherently related to using Linux as a firewall -- just be sure to design the firewall rules (and the rest of the network topology) accordingly.

[ Reply ]

 

[Todays Cartoon Discussion] [News Index]

Come get yer ARS (Account Registration System) Source Code here!
All images, characters, content and text are copyrighted and trademarks of J.D. Frazer except where other ownership applies. Don't do bad things, we have lawyers.
UserFriendly.Org and its operators are not liable for comments or content posted by its visitors, and will cheerfully assist the lawful authorities in hunting down script-kiddies, spammers and other net scum. And if you're really bad, we'll call your mom. (We're not kidding, we've done it before.)