Firewall Wizards mailing list archives
Re: Proxy and Stateful together ?? OpenBSD
From: Chris Hedemark <chris () yonderway com>
Date: Fri, 15 Nov 2002 11:49:51 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday, November 15, 2002, at 10:19 AM, Jean Caron wrote:
I'll keep it really short. I'm running Gauntlet. I'm evaluating replacement firewalls. I'd really like to find a true hybrid firewall doing both Application Level Proxy and Stateful Packet Filtering, with the flexibility of doing either or. I think I may know of one, but haven't look at it in the lab yet.Any pointers and/or comments ?
http://openbsd.orgAnd old Pentium II box can easily handle several hundred users on a T1, running squid (caching http proxy), ftp proxy, and email proxy. I've set up a number of these and have been thrilled. They'll do VPN pretty easily if both ends have static IP's but it can get hairy if dynamic IP's are in the picture. But all other aspects of the firewall can handle dhcp easily.
The firewall syntax is simple and straightforward. It has some nice security and performance features. For additional security you can lock the rules so that if someone somehow succeeds in breaking in, they can't change the firewall rules without rebooting (note this is not the default behavior, but it is exceedingly easy to set it up this way).
OpenBSD is an open source operating system like Linux, but with a license more like FreeBSD so you can bundle it in a commercial product with whatever license you choose. It is very easy to install via ftp. I have the latest patched version available for ftp install at ftp://ftp.trilug.org/pub/OpenBSD/3.2/i386/stable (all of these patches are security & bug fixes from the OpenBSD.org core team). About once a week or so when I have time or I notice a major bug fix I'll roll up another binary distribution and announce it to bsd () trilug org (http://trilug.org/mailman/listinfo/bsd for more)
Chris Hedemark Hillsborough, NC http://yonderway.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (Darwin) iD8DBQE91SW0YPuF4Zq9lvYRAlrdAKCEAq+p+7uVfm4RcbFkyZhvxP4DtACgkzVu h1h8kTw7vHCnO1jcAe6qZcY= =Ypeg -----END PGP SIGNATURE----- _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Proxy and Stateful together ??, (continued)
- Re: Proxy and Stateful together ?? Bennett Todd (Nov 16)
- Re: Proxy and Stateful together ?? Paul D. Robertson (Nov 16)
- Re: Proxy and Stateful together ?? Jean Caron (Nov 16)
- Re: Proxy and Stateful together ?? Bennett Todd (Nov 18)
- Re: Proxy and Stateful together ?? R. DuFresne (Nov 18)
- Re: Proxy and Stateful together ?? Bennett Todd (Nov 18)
- Re: Proxy and Stateful together ?? Jean Caron (Nov 18)
- Re: Proxy and Stateful together ?? Bennett Todd (Nov 18)
- Re: Proxy and Stateful together ?? Paul D. Robertson (Nov 16)
- Re: Proxy and Stateful together ?? Bennett Todd (Nov 16)
- Re: Proxy and Stateful together ?? Bennett Todd (Nov 18)
- Re: Proxy and Stateful together ?? OpenBSD Paul D. Robertson (Nov 16)