[Samba] Firewalls (was: Sigh....ok once more with feeling)

Chris Palmer chris.palmer at geneed.com
Wed Jan 8 18:16:17 GMT 2003


I'm sure you all already know this, but it's generally better to have the firewall be a separate physical machine from any server or client machines. Among other reasons, if an attacker can exploit an application running on the firewall machine, the efficacy of the firewall is compromised. You should dedicate a hardened, minimally configured machine for firewall use. If you have lots of money, the Cisco PIX firewalls are reasonably good. OpenBSD on a PC is an excellent low-cost option.


-- 
Chris Palmer    Systems Programmer    GeneEd



More information about the samba mailing list