From: "R. DuFresne"
Subject: Re: Re: iptables problem
Date: Thu, 3 Nov 2005 22:18:09 -0500 (EST)
To: "Ashley M. Kirchner"
Cc: netfilter@lists.netfilter.org

On Thu, 3 Nov 2005, Ashley M. Kirchner wrote:

> R. DuFresne wrote:
>
>> Why not have one system that reaches out for the files, and brings them
>> inside, then point the kiosks at that one system? Far easier to maintain
>> and troubleshoot and far less FW coding.
>
> Because I didn't code these machines. They are proprietary and third
> party to us.

Interesting, and that means, I suspect, that you have no ability to tune or
config them as well? Could one put in a request that the third parties config
them to look at one trusted host you could set up to pull the files from?
Have they been "tested" for their security? Seems a tad risky, depending
upon placement; hopefully they are in a DMZ and not the soft chewy
center....

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

-Tom Robbins