In message <F7BADD47-3CC9-478C-96DA-A07FCB8CBDBF@delong.com>, Owen DeLong writes:
And that is the fault of the Raspberry PI. There is zero reason for the Raspberry PI to be open to the world before it has been configured. It could have a initial configuration that is just
permit <local-prefixes>/64 any port 22 deny any any port 22
It’s very hard to configure a Raspberry PI using Cisco’s filter language.
I don’t know of any case where this will work.
Owen
So you are going to argue about firewall configuration language rather than the concept which was viable in host firewalls I've used for over a decade. You can do the same thing with all firewalls even if it requires a piece of software to listen to interfaces being configured are rewriting the firewalls as they are being brought up. I develope software that does just this at the application level. It is not rocket science. Just listen to the routing interface and adjust the acls as interfaces come and go. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org