Firewall Configuration Question... Is this possible?

Jan Engelhardt jengelh at
Tue Aug 2 08:26:06 CEST 2005

> doable, but not adised, a firewall should be single purpose, most servers
> should be single purpose where possible.  But then this is not often the case.
> But a firewall certainly should be a single purpose system much like a router
> is, they do similair work anyways.

Having many servers has two disadvantages: Power consumption and 
administration expense (you gotta install and upgrade each of them).
A "service split" [for load balance] is not bad, but you can also overdo it.

> putting a web servers on the firewall makes the firewall and the whole internal
> network subject to any issues that the web services now face, plus you now have
> to allow naother set of ports/protocols directly to the system and not merely

You don't run a webserver with root.

Jan Engelhardt

More information about the netfilter mailing list