----- Original Message -----
From: "Andrew Jones" <aj@jonesy.com.au>
Well, *I* would firewall eth1 from eth0 and cross-over eth1 to the ILO jack; let the box be the firewall. Sure, it's still as breakable as the box proper, but security-by-obscurity isn't *bad*, it's just *not good enough*.
That's great until you muck up your firewall config or the kernel hangs etc. and you're up for a trip to the data centre.
Sure. But if you can reduce 1% to 1% of 1%, then you've still done something useful. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274