Matthew Seaman wrote:
> >
> > > > I need no details, just a general hint how to setup such security
> > > > levels, preferably independent of actual IP addressses behind the
> > > > interfaces (a :network macro is not always sufficient).
> >>> > >
> >>> > > You may use urpf-failed
Le Mon, 10 Oct 2011 14:10:53 +0700,
Victor Sudakov a écrit :
> The problem is, there could be several routed networks behind the
> inside interfaces. Not all inside networks are directly connected, and
> the :network macro works only for directly connected interfaces,
> right?
Rigth, this is why
Nikos Vassiliadis wrote:
> >>
> >>>I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
> >>>interface. The traffic should be able to flow
> >>>
> >>>1) from inside1 to any (and back)
> >>>2) from inside2 to any (and back)
> >>>3) from dmz to outside only (and back).
> >>>
> >>>I ne
Matthew Seaman wrote:
> >
> > > > I need no details, just a general hint how to setup such security
> > > > levels, preferably independent of actual IP addressses behind the
> > > > interfaces (a :network macro is not always sufficient).
> >>> > >
> >>> > > You may use urpf-failed
Patrick Lamaiziere wrote:
>
> > > > I need no details, just a general hint how to setup such security
> > > > levels, preferably independent of actual IP addressses behind the
> > > > interfaces (a :network macro is not always sufficient).
> > >
> > > You may use urpf-failed instead :network
> >
On 10/9/2011 10:39 AM, Victor Sudakov wrote:
Patrick Lamaiziere wrote:
I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
interface. The traffic should be able to flow
1) from inside1 to any (and back)
2) from inside2 to any (and back)
3) from dmz to outside only (and back).
On 09/10/2011 10:31, Patrick Lamaiziere wrote:
> Le Sun, 9 Oct 2011 14:39:10 +0700,
> Victor Sudakov a écrit :
>
> > > I need no details, just a general hint how to setup such security
> > > levels, preferably independent of actual IP addressses behind the
> > > interfaces (a :netw
Le Sun, 9 Oct 2011 14:39:10 +0700,
Victor Sudakov a écrit :
> > > I need no details, just a general hint how to setup such security
> > > levels, preferably independent of actual IP addressses behind the
> > > interfaces (a :network macro is not always sufficient).
> >
> > You may use urpf-faile
Patrick Lamaiziere wrote:
>
> > I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
> > interface. The traffic should be able to flow
> >
> > 1) from inside1 to any (and back)
> > 2) from inside2 to any (and back)
> > 3) from dmz to outside only (and back).
> >
> > I need no det
Le Sun, 9 Oct 2011 12:15:54 +0700,
Victor Sudakov a écrit :
> I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
> interface. The traffic should be able to flow
>
> 1) from inside1 to any (and back)
> 2) from inside2 to any (and back)
> 3) from dmz to outside only (and back).
>
Colleagues,
I have a configuration with 2 inside interfaces, 1 outside and 1 dmz
interface. The traffic should be able to flow
1) from inside1 to any (and back)
2) from inside2 to any (and back)
3) from dmz to outside only (and back).
I need no details, just a general hint how to setup such secu
11 matches
Mail list logo