[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Create a canned "Firewall Build" or RFHH



Jatin Nansi wrote:

Hi,

What do you plan for the features to be included
into this project? There are a lot of things that go into
a commercial firewall, so r u planning something comparable, or something that is a packet
filter and NAT (which OBSD with pf basically is).
Atleast a list of all expected features will get people interested...


From my point of view:
   Required:
       Tight filtering
       with/without NAT
       with/without VPN pass through.  Either from inside or outside.
       Detailed logging
       Complete audit of file/directory permissions

Nice as an option:
VPN server
Mail server
Research needed:
VPN server
Web w/ STATIC pages. No CGI.


   NO WAY:
       CGI
       general user logins

I would like to keep it fairly tight. But realizing that some smaller businesses may need a bit more, but encourage them to migrate those "non-firewall" services to a secured machine to keep the firewall as clean as possible.

JRSM

--
_ | John Raymond Stone Mascio _|_|_) | mascio_(_at_)_ryu_(_dot_)_com (_|_| | 214.725.7518
| 972.240.5040
-----------------------------------------------------------------



Visit your host, monkey.org