[CentOS] firewall?

Sat Jul 16 13:17:51 UTC 2011
Ljubomir Ljubojevic <office at plnet.rs>

Rudi Ahlers wrote:
> On Sat, Jul 16, 2011 at 2:56 PM, Drew <drew.kay at gmail.com> wrote:
>>> not to mention danger of PCs bypassing your one-NIC firewall and
>>> unsafely connecting to the outside.
>> That I think is the biggest danger with a one NIC setup.
>>
>> Linux boxen may be safe(r) (than Windows) from being infected or
>> hacked but just one malicious machine can bypass the security in place
>> if you don't logically *and* physically separate your subnets.
>>
>>
>> --
>> Drew
>>
> 
> 
> You can have the same problem with a multi-NIC firewall, by the way.
> 
If you secure that firewall unit facing the internet *properly*, you are 
safe from the outside. This is not the case with the setup I described.

I wrote about "physical presence *outside* of your network", like if you 
are on a large WISP that uses a bridged network (bad design) and your 
wireless client is bridged, and you have a single-NIC firewall in place, 
the entire WISP's network will be able to sniff your traffic and hack into 
unprotected workstations/desktops. And there are those scenarios, much 
more than you can think.

Ljubomir