Quote:
Originally Posted by maurobottone
yeah, correct! Well... I can't obtain multiple IP addresses, so... where can I read something about two firewalls? I didn't know about that possibility... thanks and sorry :/
Two firewalls are very common in internet application environments, such as dot-coms. The DMZ is where all of the internet-exposed systems reside, webservers particularly. The "bastion" firewall, which touches the internet, has rules that are fairly open, such as allowing http and https from anywhere. The inner firewall has much more restrictive rules, such as restricting inbound traffic to database calls from the webservers.
There's a good discussion of tiered firewalls in Michael Lucas's book, Absolute OpenBSD, which is currently out of print. The publisher (No Starch Press) has a .pdf available for sale; in addition, the example pf.conf files for a tiered firewall setup (in Appendix B) are available for download at www.absoluteopenbsd.com for your review -- see Example 3. Note: tiered configurations require routing table additions, which are described in the book but not in the examples.
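As an added illustration of the split described above (constructed for this thread; it is neither Lucas's Appendix B example nor anything posted by the participants), here are the two rulesets in pf.conf syntax, shown as two separate files in one block. Interface names, the addresses (RFC 5737/1918 ranges) and the database port are assumptions:

```pf
# ===== /etc/pf.conf on the BASTION (outer) firewall: internet <-> DMZ =====
# Interface names and addresses are assumptions for illustration only.
ext_if  = "em0"                              # faces the internet
dmz_if  = "em1"                              # faces the DMZ
dmz_web = "{ 192.0.2.10, 192.0.2.11 }"       # DMZ webservers (documentation range)

set skip on lo
block log all                                # default deny; log what hits it
antispoof quick for { $ext_if $dmz_if }

# Fairly open: anyone on the internet may reach the webservers on http/https.
# With the default floating state policy, the state created here also lets
# the forwarded packet leave on $dmz_if and the replies come back.
pass in on $ext_if proto tcp from any to $dmz_web port { 80, 443 } \
    flags S/SA keep state

# DMZ hosts may initiate outbound (DNS, package updates); nothing else inbound.
pass in on $dmz_if from $dmz_web to any keep state
pass out keep state                          # firewall's own and forwarded traffic

# ===== /etc/pf.conf on the INNER firewall: DMZ <-> internal network =====
dmz_if  = "em0"                              # faces the DMZ
int_if  = "em1"                              # faces the internal network
web_srv = "{ 192.0.2.10, 192.0.2.11 }"       # the same DMZ webservers
db_srv  = "10.0.0.20"                        # internal database server (assumed)
db_port = "5432"                             # assumed PostgreSQL; use your DB's port

set skip on lo
block log all
antispoof quick for { $dmz_if $int_if }

# Much more restrictive: only the webservers, only to the DB host, only on the
# DB port. A compromised DMZ box gets no other path toward the inside.
pass in on $dmz_if proto tcp from $web_srv to $db_srv port $db_port \
    flags S/SA keep state
pass out keep state

# Anything the DMZ tries to initiate toward the internal network other than
# the rule above falls through to "block log all" and shows up in pflog.
```

Load each file on its own box with pfctl -f /etc/pf.conf (pfctl -nf first to syntax-check); the routing table additions the post mentions are separate from these rulesets.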