samba - Jan 2003 - Firewalls (was: Sigh....ok once more with feeling)

I'm sure you all already know this, but it's generally better to have
the firewall be a separate physical machine from any server or client machines.
Among other reasons, if an attacker can exploit an application running on the
firewall machine, the efficacy of the firewall is compromised. You should
dedicate a hardened, minimally configured machine for firewall use. If you have
lots of money, the Cisco PIX firewalls are reasonably good. OpenBSD on a PC is
an excellent low-cost option.


-- 
Chris Palmer    Systems Programmer    GeneEd