On Thu, Sep 25, 2003 at 04:02:01PM +0300, Haim Ashkenazi wrote:
> I've read an article about FreeBSD which made me read some parts of the
> FreeBSD documentations. in the firewall section there is a short description
> about proxy firewalls. I've made some more searching and found a "free"
> product called "TIS" which provide this functionality (which I thought was
> only available on costly commercial products like checkpoint). a little
> more searching got me to products available to linux (like dante), but in
> their documentations I've read that it is used mainly for outgoing traffic.
>
> I know very little about this subject, so I was wondering, is there a
> product for linux that provide some more security for incoming traffic
> (instead of just sophisticated filtering).

The point of a protocol-proxy is that you want to provide services to the outside world, but you don't trust your server software to be robust against protocol-level attacks (buffer overflows, primarily). Since one of the points of Debian is to fix bugs in software, that's not particularly a direction that's interested anyone recently.

However, the tools are in place to build your own. Generically, any protocol can be diverted to another program by the packet filtering system; it's trivial to send things on to other computers, too.

There are lots of HTTP, FTP, SMTP, DNS, X... proxies available, some of which have been built with security in mind and others with other goals. Look at packages simpleproxy, stone, totd, squid, xfwp, and in fact everything you get from an "apt-cache search proxy".

-dsr-
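
An added illustration of the protocol-proxy idea in the reply above (not part of the original message, and not code from any of the packages it names): the checking core such a proxy would run on client input before relaying it to the backend server, covering only the command phase of an SMTP-style line protocol. The 512-byte limit, the verb list and all names are assumptions chosen for the example.

```python
# Added example: input gate of a protocol proxy (SMTP-style command phase).
MAX_LINE = 512  # bytes including CRLF; assumed limit, tune per protocol
ALLOWED_VERBS = {b"HELO", b"EHLO", b"MAIL", b"RCPT", b"DATA", b"RSET", b"NOOP", b"QUIT"}

class ProtocolViolation(Exception):
    """Raised when client input must not reach the backend server."""

class LineGate:
    """Reassembles client bytes into command lines and validates each one."""

    def __init__(self, max_line=MAX_LINE, verbs=ALLOWED_VERBS):
        self.max_line = max_line
        self.verbs = verbs
        self.buf = b""

    def feed(self, chunk):
        """Return the complete, validated lines that are safe to relay."""
        self.buf += chunk
        safe = []
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            safe.append(self._check(line + b"\n"))
        # Bound memory: a partial line already at the limit can never be valid.
        if len(self.buf) >= self.max_line:
            raise ProtocolViolation("unterminated line exceeds limit")
        return safe

    def _check(self, line):
        if len(line) > self.max_line:
            raise ProtocolViolation("line too long")
        if not line.endswith(b"\r\n"):
            raise ProtocolViolation("bare LF line ending")
        body = line[:-2]
        if any(b < 0x20 or b > 0x7E for b in body):
            raise ProtocolViolation("control or non-ASCII byte in command")
        verb = body.split(b" ", 1)[0].upper()
        if verb not in self.verbs:
            raise ProtocolViolation("verb not allowed: %r" % verb)
        return line

def relay_decision(chunks):
    """Run client chunks through a fresh gate; return (forwarded, error)."""
    gate, forwarded = LineGate(), []
    try:
        for chunk in chunks:
            forwarded.extend(gate.feed(chunk))
    except ProtocolViolation as exc:
        return forwarded, str(exc)
    return forwarded, None
```

A real proxy would close the client connection on the first violation and write only the returned lines to the backend socket, so the backend never parses input the gate has not bounded.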