[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenBSD Firewalls?

To: Chuck Yerkes <chuck@snew.com>
Subject: Re: OpenBSD Firewalls?
From: Brent Reich <brent@rascallion.com>
Date: Mon, 15 Jan 2001 00:49:43 -0600 (CST)
Cc: misc@openbsd.org

Sorry, i thought this was a fairly straight forward question. THank you
for the answer to the stateful question.  It appears that
www.ipfilter.org is down, however
http://coombs.anu.edu.au/~avalon/ip-filter.html seems to be a mirror or
the current website for ipfilter. my goal is to provide a very good
cost-effective firewall. preferably on one box. ipfilter seems to be a
excellent starting point, especially if clients can work in a scenario
where we can deny all in. however this is rarely the case. Once we start
opening holes in the firewall a packet filter starts to lose its
potency. what i was looking for is an opensource  application firewall
that can be run in conjunction with ipfilter so that it is not prone to
tunneling attacks as almost all packet filters are. I hope that this is
more clear, and judging from some of the responses, others are interested
as well, has anyone implemented anything like this or have any other ideas
on how to accomplish this other than the way i am looking at it? I am
completely open to any ideas. Thanks to Emre and David Crenshaw for the
IDS and http proxy ideas, though i anticipate users will need more
applications than just web proxying support.

On Sun, 14 Jan 2001, Chuck Yerkes wrote:

> Date: Sun, 14 Jan 2001 09:43:53 -0800
> From: Chuck Yerkes <chuck@snew.com>
> To: Brent Reich <brent@rascallion.com>
> Cc: misc@openbsd.org
> Subject: Re: OpenBSD Firewalls?
> 
> Thanks for NOT taking this to firewall-wizards, whose
> charter is to be a place for folks who are NOT new to
> the game (a retreat from firewalls@greatcircles.com).
> 
> Yes, ipf is stateful.  See http://www.ipfilter.org.
> What is your goal?   Useless or no information means useless
> answers.
> 
> Quoting Brent Reich (brent@rascallion.com):
> > 	I have done numerous web searches for OBSD firewall solutions and
> > mainly turn up ipf answers. can anyone answer this for me, is ipf
> > stateful? is there a freeware application firewall for openbsd? if so, can
> > it be run in conjunction with ipf?
> > 	i was going to post this originally to the firewall-wizards list,
> > but as i want to run this on OBSD specifically i thought i would try here
> > first. thanks in advance.
> > 
> > 
> > 
> > -- 
> > brent
> > brent@rascallion.com
> > 
> > "The statistics on sanity are that one out of every four Americans is
> >     suffering from some form of mental illness. Think of your three best     
> >     friends. If they are okay, then it's you." - - --Rita Mae Brown  
> > 
> 
> 

-- 
brent
brent@rascallion.com

"Unix is about as user friendly as a blow in the back from an ice-pick, only not quite as productive."     -- Anon.

Follow-Ups:
- Re: OpenBSD Firewalls?
  - From: Marco S Hyman <marc@snafu.org>

References:
- Re: OpenBSD Firewalls?
  - From: Chuck Yerkes <chuck@snew.com>

Prev by Date: ipf problem
Next by Date: Hardware compression w/ Ecrix tape drives?
Prev by thread: Re: OpenBSD Firewalls?
Next by thread: Re: OpenBSD Firewalls?
Index(es):
- Date
- Thread