> > Currently, I ignore the 675 in favor of my linux firewall for reasons
> > of familiarity, ease of configuration, and perhaps confidence in the
> > security.  However, I see the functionality that can be set up by the
> > 675 freeing up a 486 to do more important things, like DNS and email
> > serving.
>
> One problem with that theory:  While the 486 can have an arbitrarily large
> number of rules, the 675 (if I read its manual correctly) can only store 10
> rules, each of which is only effective in one direction.  If you want to tell
> it not to pass any traffic with a destination in a reserved/nonroutable
> destination address in either direction, that's 6 rules right there.  If you
> want to block traffic with nonroutable source or destination, it would
> require 12 rules - that's already more than the 675 can handle.  (Granted,
> you probably aren't using all 3 unroutable ranges internally, so you probably
> don't need all 12, but it's a good way of demonstrating how severe that
> limitation is.)


I'm not sure exactly what the limitation is for rules on the 675, but what I've
done in my case is program the 675 with some very basic rules which probably
block about 90% of unauthorized access attempts -- blocking, say, telnet,
portmap, imap and pop3 from all external hosts.

You'll never get the flexibility and power out of the 675 that you can out of a
server (although I'm really impressed with what these little blue boxes *can*
do).  But I'd rather deal with the broad, clear-cut cases at the router than
make the server/firewall waste cycles on them.
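As an added illustration of the point the thread makes about one-direction rules (example code written for this page, not from either poster and not a 675 configuration): a small packet-filter model whose every rule, like the 675's as the reply describes it, matches in only one direction. It expands the RFC 1918 policy from the quoted reply into individual rules, counts them against the quoted 10-rule limit, and checks sample packets against the responder's inbound service blocks. The rule format, the `Packet`/`Rule` classes and the sample addresses (203.0.113.x, 198.51.100.x documentation ranges) are constructed for the example; the 10-rule figure is taken from the reply, and the service ports are the standard ones.

```python
"""Added example: one-direction deny rules, expanded and counted.
Not the 675's real rule syntax; a model of the behaviour discussed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Sequence

# The three nonroutable (RFC 1918) ranges referred to in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RULE_LIMIT = 10  # table size the reply attributes to the 675 (figure from the thread)

# Services the responder blocks from all external hosts; standard TCP ports.
BLOCKED_SERVICES = {"telnet": 23, "portmap": 111, "pop3": 110, "imap": 143}


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" = arriving from the wire, "out" = leaving toward it
    src: str
    dst: str
    proto: str = "tcp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """A deny rule that applies in exactly one direction (constructed format)."""
    direction: str
    src: Optional[ipaddress.IPv4Network] = None
    dst: Optional[ipaddress.IPv4Network] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if pkt.direction != self.direction:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in self.src:
            return False
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in self.dst:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


def bogon_rules(fields: Sequence[str], directions: Sequence[str] = ("in", "out")):
    """Expand 'drop RFC 1918 addresses in <fields>' into one rule per
    (direction, field, range): 3 ranges x 2 directions x len(fields)."""
    return [Rule(d, **{f: net}) for d in directions for f in fields for net in RFC1918]


def service_rules(services=BLOCKED_SERVICES):
    """Inbound TCP deny for each listed service, from any external host."""
    return [Rule("in", proto="tcp", dport=p) for p in services.values()]


def fits(rules) -> bool:
    """Would this rule set fit in a box with RULE_LIMIT one-direction slots?"""
    return len(rules) <= RULE_LIMIT


def dropped(rules, pkt: Packet) -> bool:
    """First-match-deny evaluation: the packet is dropped if any rule matches."""
    return any(r.matches(pkt) for r in rules)


if __name__ == "__main__":
    for label, rules in (("nonroutable dst, both directions", bogon_rules(("dst",))),
                         ("nonroutable src or dst, both directions", bogon_rules(("src", "dst"))),
                         ("responder's inbound service blocks", service_rules())):
        print(f"{label}: {len(rules)} rules, fits in {RULE_LIMIT}: {fits(rules)}")
    # A spoofed inbound packet with a private source slips past a dst-only set.
    spoofed = Packet("in", "10.1.2.3", "198.51.100.7")
    print("spoofed private source caught by dst-only set:",
          dropped(bogon_rules(("dst",)), spoofed))
    print("spoofed private source caught by src-or-dst set:",
          dropped(bogon_rules(("src", "dst")), spoofed))
```

The two counts (6 and 12) are exactly the ones the quoted reply works out by hand; what the model adds is the consequence of settling for the smaller set: a packet arriving from outside with a forged private source address is not caught by destination-only rules, which is why the fuller set matters even though it does not fit. The responder's four inbound port blocks fit comfortably and, because they are inbound-only, leave outbound telnet, pop3 and imap untouched.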

