[Samba] Firewall rules to block other's computers browse list

David Christensen dpchrist at holgerdanske.com
Mon Jul 27 19:08:41 MDT 2009


John H Terpstra wrote:
> Please help us to understand why an Internet firewall should be a
> dedicated machine. There might be one or two people on this list who
> would disagree with this assertion.

I smell flame bait...  ;-)


Simply put, because an Internet firewall is providing a security
function and if there is a mistake, security suffers.  The more software
you put on any machine, the more opportunities there are for Murphy's
Law to operate.  Thus, IPCop, Smoothwall, and other router/ firewall
distributions are deliberately stripped-down to the bare essentials.
All included software is carefully selected and tested for security and
stability.  Furthermore, a good web UI makes it easy for the end-user/
administrator to configure the router/ firewall as desired without
having to worry about arcane packet filtering syntax, dependencies,
restarting services, etc.; thus reducing the likelihood of
mis-configuration.


I've done the Linux combination firewall/ router/ server in the past;
IPCop and a leftover machine is *so* much easier, and I sleep better at
night.  :-)


HTH,

David




More information about the samba mailing list