On Thu, Sep 25, 2003 at 04:02:01PM +0300, Haim Ashkenazi wrote:
> Hi
>
> I've read an article about FreeBSD which made me read some parts of the
> FreeBSD documentation. In the firewall section there is a short description
> about proxy firewalls. I've made some more searching and found a "free"
> product called "TIS" which provides this functionality (which I thought was
> only available on costly commercial products like checkpoint). A little

Just FYI, TIS was the company founded by Marcus Ranum which provided the firewall toolkit (see www.fwtk.org). The FWTK was the basis for the first commercial firewall: Gauntlet [1]. FWTK is not "free" in any sense, see http://www.fwtk.org/fwtk/download/downloading.html#1.3

Also, Checkpoint is not a proxy firewall (but it is starting to become like one with this new 'Application Intelligence' stuff).

> more searching got me to products available to linux (like dante), but in
> their documentation I've read that it is used mainly for outgoing traffic.
>
> I know very little about this subject, so I was wondering, is there a
> product for linux that provides some more security for incoming traffic
> (instead of just sophisticated filtering).

You might want to take a look at Zorp (www.gnu.org/directory/security/firewall/zorp.html) which provides a framework for developing proxies with filtering (i.e. a proxy firewall) in Python. And, of course, it's packaged in Debian.

You can still build a "firewall proxy" without things like fwtk or Zorp but it's kind of a "do-it-yourself" thing: take a set of proxies ('apt-cache search proxy') such as squid, dircproxy, ftp-proxy, pdnsd, perdition, smtpd, xfwp, and simpleproxy, install them on a bastion host, configure each tool to implement your security policy by filtering within each of the proxies, code filters in those proxies that do not implement them, etc.

Regards

Javi

[1] Googling, I've found a nice article which describes this better: "Firewalls and Internet Security, the Second Hundred (Internet) Years" by Frederick Avolio, available at a number of places including http://www.spirit.com/CSI/Papers/fw2hundred.html