mmi.cz

• Next message: Omachonu Ogali: "Random Sequence Numbers"
• Previous message: Michael Lucas: "application proxies?"
• In reply to: Michael Lucas: "application proxies?"
• Next in thread: Fernando Schapachnik: "Re: application proxies?"
• Next in thread: Zahemszky Gabor: "Re: application proxies?"
• Reply: Martin Machacek: "RE: application proxies?"
• Reply: Fernando Schapachnik: "Re: application proxies?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 08-Feb-00 Michael Lucas wrote:
> I'm preparing an article on FreeBSD firewall tools. So far I plan to
> cover ipfw & natd, ipfilter & ipnat, fwtk, kern.securelevel, and
> mention snort and nessus as a sideline.
>
> I'd like to present as many applications as possible. The major lack
> I see is a choice of application-level proxies such as fwtk. Are there
> some I'm not aware of?

Well, fwtk runs fine on FreeBSD so it has to be included in description of
FreeBSD firewall tools.

raproxy - proxy for Progressive Networks PNM protocol (RealAudio) - not a
             high quality proxy but usable
rtsp_proxy - proxy for RTSP (Real Time Streaming Protocol) - barely usable but
             available for further improvements/hacking

> Also, if anyone has any suggestions on other software to cover, I'd
> appreciate a pointer.

squid - not exactly a security proxy but usable for that purpose,
socks/dante - general circuit-level proxies useful in some scenarios,
stunnel/bjorb - again not application proxies but useful for building firewalls

I believe that also tools for building VPNs should be included since VPN
capability is mostly viewed as a mandatory part of any up-to-date "firewall"
product these days. So, you might want to take a look on:

pipsecd - simple IPSEC based tunneling daemon,
skip - general IP encryption and tunneling tool,
pptp-client/pop-top - PPTP client and server useful if you have to talk to some
             bozos using M$ "technology"

You should search through the ports collection (expecially net and security
category) and I'm sure you will find more (I recommend using the "ports browser"
tool called "pib" available in the ports collection). However, keep in mind that
not all of the firewall building tools available in the ports collection are
usable for building production grade firewalls. To give recommendations you'd
have to try them first yourself.

        Martin

---
[PGP KeyID F3F409C4]
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Omachonu Ogali: "Random Sequence Numbers"
• Previous message: Michael Lucas: "application proxies?"
• In reply to: Michael Lucas: "application proxies?"
• Next in thread: Fernando Schapachnik: "Re: application proxies?"
• Next in thread: Zahemszky Gabor: "Re: application proxies?"
• Reply: Martin Machacek: "RE: application proxies?"
• Reply: Fernando Schapachnik: "Re: application proxies?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]