Eric Dondelinger wrote:
| Hi Thierry,
|
| On Thu, 22 Jul 2004, Thierry Coutelier wrote:
|
|
|>No, the idea is much better. With this reverse-firewall it will stop dumb
|>end-users
|>from sending attacks to other sites. The firewall could disallow source
|>IP spoofing.
|>It could filter out all those 135-139 ports that go out.
|>You would protect the Internet from a lot of attacks with this.
|>Hackers would anyway soon find a way around the box so it would not
|>help for those.
|
|
| How can a normal firewall not be configured to do exactly the same?
| Maybe most people configure their firewall to regulate incoming
| traffic only, but I have a couple not-so-small thingies here that
| *do* filter outbound traffic too.
| Also, filtering 135-139 should be standard (in more serious setups
| anyway) - even many ISPs actually do this. Thanks MS for another of
| those huge security holes...
|
The idea is to have firewall-rules that protect the Internet and not the end-user.
And the firewall is controlled by an outside entity and not from the leaf. Maybe the
term reverse-firewall is not well chosen but the idea is not bad.
|
|>| Btw, some providers force a redirect of SMTP traffic to their
|>| own mailserver. Have a look at:
|>|
|>| http://www.init7.ch/anti-spam/index.php
|>|
|>| No idea how they handle smtp-auth to other servers...
|>
|>I don't like the idea. Only introduces problems for stand-alone mail
|>servers such as ours.
|
|
| AFAIK, the LiLux mailserver has a static IP, and it doesn't
| exactly fit into the dial-up category. I guess technically,
| it could quite simply use mailsvr.pt.lu as smarthost also.
The problem is not when sendar is sending traffic out but when you need to configure
special rules for incoming traffic or on the SPF records.
You may not send mail using @linux.lu from other mail servers unless you are added in
the SPF record on our DNS. At least to those sites that check the SPF records.
So it is best to configure sendar as your SMTP server and use auth.
|
| Greets Eric
--
Thierry Coutelier Président LiLux asbl
7, Rue Jacques Sturm L-2556 Luxembourg
Office:+352 710725 608 Home:+352 406776
http://www.linux.lu/