Information on Linux Firewalls?
db asks:
"I am looking for clear and up-to-date information on Linux firewalls for the suits at my job. I am looking for performance, advanced features, and third-party support information. I have reviewed a number of HOWTOs, but what I need is something my CIO will believe."
I have a book here called "Firewalls and Internet Security" by Cheswick and Bellovin.
Does anyone know of a good open source firewall / filtering solution? I work for a school district, and we have a need to filter out the nonsense and inappropriate stuff. We use squid + junkbuster at work, but the lack of a 'blacklist' makes my job tough. Our solution so far has been to deny all outgoing anything to *.net or *.com, with a block on 'badword sites' and create a list of exceptions. It's icky.
If anyone has any better solutions, I'd appreciate it. I've been thinking about perhaps setting up some sort of publicly editable blacklist doodad that anyone can modify over the web, that generates and modifies a downloadable junkbuster filter or, even worse, an ipchains firewall rule. If there is any interest out there in such a 'public' blacklist, I'd like to know.
I heard this directly from a Checkpoint employee also.
They didn't have firewalls when I was in school. Except for that big silver door between the boys' locker room and the boiler room where Mr. Landsley, the janitor, used to take some of us and do weird things to us after we got out of the shower.
Word from a reliable source has it that Checkpoint have a working Linux port of Firewall-1 internally and are just waiting to see if there is enough market demand for them to bother releasing and supporting it... maybe it is time to let them know if you are interested. Sorry, no email contact yet...
One of the original "building an Internet Firewall" books was written by the security guys at AT&T sometime circa 1992. Anyway, they specifically mention that the only way to have a truly secure firewall is if you have control over all the source code for the software running on it. Consequently they recommend either buying the source license or using BSD or Linux. Sorry, I can't remember the title of the book.
sigs are a waste of space
If you're a clued-up techie and you are giving your CIO advice and *he doesn't believe you*, then clearly he's incompetent. Fire him, or get him fired!
There's nothing worse than a manager that doesn't know about something and yet refuses to delegate the decision making in that area to the people that he has around him for this very purpose.
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
Take a look at:
:)
Sinus - http://www.ifi.unizh.ch/ikm/SINUS/firewall/
The TIS Firewall Toolkit - ftp://ftp.tis.com/pub/firewalls/toolkit/
VCS - http://www.ktgroup.co.uk/products/inetindex.htm
WatchGuard - http://www.watchguard.com/
spf - ftp://ftp.interlinx.bc.ca/pub/spf/
If you're after 'market leading' firewalls, try hassling your sales contact.
Why not write your own report? Do a little research, show your references. Like back in high school. Or don't they do that any more?
-- Your mother is an Active Server Page.