From: Crist Clark (crist.clark@globalstar.com)
Date: Fri Feb 18 2005 - 15:59:17 EST
I am awash in documentation for SunScreen that all wants to address much
more complicated situations than I have. What I have is a multi-homed
host which I want to protect. This host is NOT a router. I want to put
severe ingress and egress filters on one of its interfaces. I want no
restrictions on other interfaces. I would like to do all administration
at the CLI and kill off the near-useless GUI. I am running Solaris 9
(sparc) with SunScreen 3.2.
So my questions are:
I cannot see where in rules I can apply them to only specific
interfaces. How do I do this? Can I do this?
Without the ability to set rules per-interface, the anti-spoofing
abilities of the firewall become essential, but I can find little
documentation on what anti-spoofing does or does not do and how
it works in the SunScreen 3.2 documentation. How does it work?
Will SunScreen function properly if I kill off the Apache server
and Java processes it starts up? What's the "correct" way to
stop them from starting?
Before someone says "IPFilter," yes, I know, it would be trivial to do
this in IPFilter. But management wants a Sun-supported product blah-blah
(I know IPFilter is in 10, but I don't think its supported in 9. I would
love to be corrected on that.)
-- Crist J. Clark crist.clark@globalstar.com Globalstar Communications (408) 933-4387 _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:30:12 EDT