Re: Should I propose a Debian Firewall?
On Mon, Nov 29, 1999 at 04:35:47PM +0000, Rene Mayrhofer wrote:
> Kiss Csaba wrote:
> > What type is your firewall? Packet-filtering or proxy-based or
> > stateful or other
> In principle it is open to any concept.
> We use a combination of packet-filtering (standard linux kernel) and
> proxies (e.g. for ftp which is a nightmare to packet-filter).
Which proxy package did you use? We (here at BNL) are looking at building
a sitewide 'screened subnet' firewall. I'm having a hard time getting my
mind around the proxies. We will have a bunch of machines running as proxy
servers. Do you run all proxies on all servers? 1 proxy per server? Then,
how do you know which one to go to?
> But if you use the sifi kernel module, you can have stateful inspection
> as well (I hope that standard kernel 2.4.x will get a stateful
> inspection module sometime - maybe I will write one using the netfilter
> API).
Really? It looked like sifi was just packet filtering to me! What kernel
are you running sifi with? I've tried 2.2.10-2.2.12, and it panics the
kernel quite regularly...
Tim
--
(work) sailer@bnl.gov / (home) tps@buoy.com - http://www.buoy.com/~tps
Organization is the enemy of improvisation.
** Disclaimer: My views/comments/beliefs, as strange as they are, are my own.**