Hello all,

I've got a question concerning firewalling. ICMP, UDP and TCP can be filtered out with ipchains/iptables, but what about IPX, ARP, netbios and such?

To make my question more clear, let me explain what I want. We have a network connected to the internet. Inside this network I want to put a firewall. This firewall has two network adapters, each with a different network. The first is connected to the network and the other is connected to a switch. On this switch we have a (beowulf) cluster of machines.

Now, if I disable IP forwarding and make the firewall airtight in the sense that I use ipchains to deny any traffic between the networks, does anything low level from the switch or whatever still propagate to the other network?

Our IT people are against this setup and want to maintain the switch themselves (which means it should be accessible to them) for the reason that, as they say, it is still possible that this switch can cause hiccups in their network. I find this hard to believe. To me it seems that there is no way ___AT__ALL__ that they can detect if there is anything behind the firewall or that anything behind the firewall could cause some disturbance on the network.

Any opinions/ideas/suggestions are welcome.

--
Johan de Jong