From owner-freebsd-security Tue Nov 27 16:18:22 2001
Message-Id: <5.1.0.14.0.20011127191737.00ae1bd0@rfnj.org>
Date: Tue, 27 Nov 2001 19:19:54 -0500
To: freebsd-security@freebsd.org
From: Allen Landsidel
Subject: Re: Best security topology for FreeBSD
In-Reply-To: <200111271642.fARGgfU32312@khavrinen.lcs.mit.edu>
References: <5.1.0.14.0.20011127071415.00aa4a18@rfnj.org> <5.1.0.14.0.20011127071415.00aa4a18@rfnj.org>

At 11:42 AM 11/27/2001 -0500, you wrote:

>I think the more traditional version (of the ``two-firewall''
>implementation) is not much different from this:
...

I hadn't really thought of the packet-filtering router as a firewall, but I suppose it does fit the definition. I always took it as a given that everyone had some level of ACLs on their routers, and thus didn't include it as a "firewall" in the diagram.

I would guess the original poster of the "two firewalls is better; a single one is a poor design" message was probably thinking the same thing. If not, well, I guess we're all in agreement then, except for "Mr quad firewalls are cool" to whom I just responded. ;)