Old 5th January 2009
jggimi

Quote:
Originally Posted by maurobottone View Post
yeah, correct! Well...I can't obtain multiple IP addresses, so...when can I read something about two firewalls? I didn't know that possibility...thanks and sorry :/
Two firewalls are very common in internet application environments, such as dot coms. The DMZ is where all of the internet-exposed systems reside. Webservers, particularly. The "bastion" firewall, that touches the internet, has rules which are fairly open, such as allowing http and https from anywhere. The inner firewall has much more restrictive rules, such as restricting inbound traffic to database calls from the webservers.

There's a good discussion of tiered firewalls in Michael Lucas's book, Absolute OpenBSD, which is out-of-print currently. The publisher (No Starch Press) has a .pdf available for sale; in addition, the example pf.conf files for a tiered firewall setup (in Appendix B) are available for download at www.absoluteopenbsd.com for your review -- see Example 3. Note: Tiered configurations require routing table additions, which are described in the book but not in the examples.
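As an added illustration of the two-tier layout described in the post (this is not the book's Example 3 and not code from the original thread), a minimal pf.conf pair for the bastion and the inner firewall; interface names, the placeholder addresses (RFC 5737 / RFC 1918) and the database port are assumptions, and the inner firewall is assumed to sit on the DMZ segment between the webservers and the internal network:

```pf
# ---- bastion firewall (internet <-> DMZ): rules are deliberately open ----
ext_if  = "em0"                                   # assumed internet-facing interface
dmz_if  = "em1"                                   # assumed DMZ interface
dmz_web = "{ 198.51.100.10, 198.51.100.11 }"      # placeholder webserver addresses

set skip on lo
block log all                                     # default deny, log what is dropped

# public services: http and https from anywhere to the webservers only
pass in  on $ext_if proto tcp from any to $dmz_web port { 80 443 }
pass out on $dmz_if proto tcp to $dmz_web port { 80 443 }

# let the webservers fetch updates etc.; replies return via state entries
pass in  on $dmz_if proto tcp from $dmz_web to any port { 80 443 }
pass out on $ext_if proto tcp from $dmz_web to any port { 80 443 }


# ---- inner firewall (DMZ <-> internal): much more restrictive ----
# (a separate pf.conf on the second machine; shown here for comparison)
dmz_if  = "em0"                                   # assumed interface on the DMZ
int_if  = "em1"                                   # assumed internal interface
dmz_web = "{ 198.51.100.10, 198.51.100.11 }"      # same placeholder webservers
db_srv  = "10.0.0.5"                              # placeholder database server
db_port = "5432"                                  # assumed DB port (PostgreSQL here)

set skip on lo
block log all                                     # default deny, log what is dropped

# the only inbound traffic from the DMZ: database calls from the webservers
pass in  on $dmz_if proto tcp from $dmz_web to $db_srv port $db_port
pass out on $int_if proto tcp from $dmz_web to $db_srv port $db_port

# internal hosts may initiate outbound sessions; nothing else comes in
pass in  on $int_if from $int_if:network
pass out on $dmz_if from $int_if:network

# NOTE: as the post says, the tiered layout also needs static routes
# (e.g. the bastion must know the internal network lives behind the
# inner firewall's DMZ address); those are not part of pf.conf.
```

Both files load with `pfctl -nf /etc/pf.conf` for a syntax check before `pfctl -f`, and `pfctl -sr` shows how the `{ 80 443 }` lists expand into individual rules.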