[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sinus Firewall

On Tue, Dec 28, 1999 at 03:08:27AM +0100, Bernd Eckenfels wrote:
> Hallo Michael,

Thanks Bernd.

> Ok, one of the big advantages of sifi (as I evaluated the last tme) is that
> since it is statefull, configuring it is quite easy, since you have to gibe
> only one rule to allow a TCP connection, and not 6 or more. It supports
> spoofing detection (was important for 2.0) itself and it can be scripted to
> do dynamic blocking. Therefore reconfiguration of the rulebase and adding of
> temporary rules is easier. It also supports some protocols better as
> ipchains does (IGMP, RIP, FTP). The gui is a nother neat thing, especially
> in combination with the daemon which can do a lot usefull logging and
> reporting, monitoring and connection killing. The main disadvantage was,

Sounds really interesting. However, I wasn't able to compile it so far. The
Java part simply does not compile. Neither on my Debian machine nor on a
SuSe test installation. Does anyone have a precompiled DEB?

> that it only supports 2 interfaces. I cant say much about stability.

Does not look like too much of an disadvantage does it? Okay, there are some
(historic?) setups that ask the firewall to connect three nets: external,
internal and perimeter.

But if I had to choose I would prefer to have two firewalls anyway and get a

Or am I wrong on this. Once again I'm spend quite some time doing different
things and now I'm pretty outdated with my info.

> Perhaps it is the best to go back to the old application proxies for some
> applications like FTP. A FTP proxy which is using a program to analyze the
> control channel and set up ipportfw/accept rules in kernel mode dynamically
> can be a good solution. You dont need to "pump" the FTP up/downloads through
> usermode but still have the posibillity to intelligent filter the FTP

What exactly do you need this for? I can see two ways of FTP usage, either
incoming with no write persmissions (normally) and outgoing. What really
caused me trouble the last time I set up a firewall was redirecting incoming
FTP to a M$ machine and enabling active usage.

Michael Meskes                         | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz    | Go Rhein Fire!
Tel.: (+49) 2431/72651                 | Use Debian GNU/Linux!
Email: Michael@Fam-Meskes.De           | Use PostgreSQL!

Reply to: