On 30 April 2015 at 17:22, Jonathan McDowell noodles@earth.li wrote:
Probably on the grounds that it's more secure and a lot of the distros are trying to be decent firewalls out of the box. If you're mixing and matching outbounds on the same interface then one mistake in your routing table and things can be going the wrong way. Or there's the potential for cleverly crafted packets to go places they shouldn't.
If that's all it is, that's fine (in which case I understand, which was my main objective!). I would say, however, that even then separate interfaces for red and green make sense, but you still shouldn't need multiple red interfaces just to talk to multiple routers on the red side; in many (the majority of?) cases all the red (WAN) interfaces are equivalent from a security POV.
Once I've picked a router distro I'll probably ask the same question on their mailing list and see what they say.