OK, now how about proxies...
Following up from the 'Is Linux secure enough?' question (to which the
answer was "We all think so" :-) I was wondering what more I could make this
system offer over our current firewall.
At the moment the current system is purely packet filtering, but I know that
when we first put it up we were thinking about having a proxy firewall for
FTP. Are there any proxy packages I should take a look at?
Also, the firewall policy tends to be all incoming connections are denied
(with the exception of a few key systems from the ISP), only outgoing Web
and FTP ports are open. The incoming side of this seems sensible to me, but
the outgoing side seems to me to be locking the gate once the horse has
bolted. Either you plug the holes with proxies, or there is little reason to
limit the ports available for outgoing traffic.