From mboxrd@z Thu Jan  1 00:00:00 1970
From: Mark Seamans <marks@crvinc.com>
Subject: Core Linux Router - NO NAT
Date: Thu, 20 Mar 2003 17:23:50 -0600
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <200303201723.50161.marks@crvinc.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path: <netfilter-admin@lists.netfilter.org>
Content-Disposition: inline
Errors-To: netfilter-admin@lists.netfilter.org
List-Help: <mailto:netfilter-request@lists.netfilter.org?subject=help>
List-Post: <mailto:netfilter@lists.netfilter.org>
List-Subscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>,
	<mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-Id: <netfilter.vger.kernel.org>
List-Unsubscribe: <https://lists.netfilter.org/mailman/listinfo/netfilter>,
	<mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
List-Archive: <https://lists.netfilter.org/pipermail/netfilter/>
Content-Type: text/plain; charset="us-ascii"
To: netfilter@lists.netfilter.org

I have a Linux router that consists of 4 T1ports and 1 ethernet.
This "Router" will act as an ISP core router doing Routing Only!
I wish to protect the box itself, while it preforms it's duties as a Router 
allowing only ssh from the ip's that I wish for management.  This way I can 
also setup rules to protect it form DOS attacks etc...
Now I have been thinking of this, but I can go two ways:
1.  Making it harder than it really is  -OR-
2.  Allowing it to be so easy it is not secure.

So any suggestions would be great.

Thanks!

Mark
marks@crvinc.com