
Re: Sinus Firewall



Hi,

   I have packages that I'm working on but have to do some more work
on them before I can officially upload them to Debian.  I still need
to put in the hooks so that it's easy for people to recompile it against
a new kernel (ala pcmcia, etc...).  


A lot of the code for the client is still under work...it does not work
with the current java code that's in potato.  But the rest of it does.

I should be able to have deb's up for testing in the next couple weeks.  

Ivan



On Tue, Dec 28, 1999 at 03:54:03PM +0100, Michael Meskes wrote:
> On Tue, Dec 28, 1999 at 03:08:27AM +0100, Bernd Eckenfels wrote:
> > Hallo Michael,
> 
> Thanks Bernd.
> 
> 
> > Ok, one of the big advantages of sifi (as I evaluated the last time) is that
> > since it is stateful, configuring it is quite easy, since you have to give
> > only one rule to allow a TCP connection, and not 6 or more. It supports
> > spoofing detection (was important for 2.0) itself and it can be scripted to
> > do dynamic blocking. Therefore reconfiguration of the rulebase and adding of
> > temporary rules is easier. It also supports some protocols better than
> > ipchains does (IGMP, RIP, FTP). The gui is another neat thing, especially
> > in combination with the daemon which can do a lot of useful logging and
> > reporting, monitoring and connection killing. The main disadvantage was,
> 
> Sounds really interesting. However, I wasn't able to compile it so far. The
> Java part simply does not compile. Neither on my Debian machine nor on a
> SuSe test installation. Does anyone have a precompiled DEB?
> 
> > that it only supports 2 interfaces. I can't say much about stability.
> 
> Does not look like too much of a disadvantage, does it? Okay, there are some
> (historic?) setups that ask the firewall to connect three nets: external,
> internal and perimeter.
> 
> But if I had to choose I would prefer to have two firewalls anyway and get a
> DMZ.
> 
> Or am I wrong on this? Once again I've spent quite some time doing different
> things and now I'm pretty outdated with my info.
> 
> > Perhaps it is best to go back to the old application proxies for some
> > applications like FTP. An FTP proxy which is using a program to analyze the
> > control channel and set up ipportfw/accept rules in kernel mode dynamically
> > can be a good solution. You don't need to "pump" the FTP up/downloads through
> > usermode but still have the possibility to intelligently filter the FTP
> 
> What exactly do you need this for? I can see two ways of FTP usage, either
> incoming with no write permissions (normally) and outgoing. What really
> caused me trouble the last time I set up a firewall was redirecting incoming
> FTP to a M$ machine and enabling active usage.
> 
> Michael
> -- 
> Michael Meskes                         | Go SF 49ers!
> Th.-Heuss-Str. 61, D-41812 Erkelenz    | Go Rhein Fire!
> Tel.: (+49) 2431/72651                 | Use Debian GNU/Linux!
> Email: Michael@Fam-Meskes.De           | Use PostgreSQL!
> 
> 
---end quoted text---

-- 
----------------
Ivan E. Moore II
rkrusty@tdyc.com
http://snowcrash.tdyc.com
GPG KeyID=90BCE0DD
GPG Fingerprint=F2FC 69FD 0DA0 4FB8 225E 27B6 7645 8141 90BC E0DD
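
The control-channel analysis mentioned in the quoted text (an FTP proxy that watches the control channel and opens data-channel rules dynamically), sketched as an added example that is not part of the original message and is not sifi or ipchains code. The `DataRule` type, the function names and the policy of refusing third-party addresses and ports below 1024 are assumptions; turning a rule into an actual kernel filter entry is left out.

```python
import re
from typing import NamedTuple, Optional

class DataRule(NamedTuple):
    """One temporary allow rule for an FTP data connection (hypothetical type)."""
    src: str        # host that opens the data connection
    dst: str        # host that listens for it
    dst_port: int

# h1,h2,h3,h4,p1,p2 as used by PORT and the 227 reply (RFC 959)
_HOSTPORT = re.compile(r"(?<!\d)" + r",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def _parse_hostport(text: str):
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def rule_from_control_line(line: str, client: str, server: str) -> Optional[DataRule]:
    """Return the data-channel rule implied by one control line, or None."""
    line = line.strip()
    if line.upper().startswith("PORT "):   # active mode: server connects to client
        opener, listener = server, client
    elif line.startswith("227 "):          # passive reply: client connects to server
        opener, listener = client, server
    else:
        return None
    announced = _parse_hostport(line[4:])
    if announced is None:
        return None
    host, port = announced
    # Policy assumption: only the control-channel peer may be named, and never
    # a privileged port; anything else gets no rule.
    if host != listener or port < 1024:
        return None
    return DataRule(opener, listener, port)

# Constructed control-channel lines, not captured traffic.
SAMPLE = ["USER anonymous", "PORT 10,0,0,5,19,137",
          "PORT 10,0,0,99,19,137", "227 Entering Passive Mode (192,0,2,10,195,80)"]

if __name__ == "__main__":
    for l in SAMPLE:
        print(repr(l), "->", rule_from_control_line(l, "10.0.0.5", "192.0.2.10"))
```

Each accepted line yields exactly one narrow rule (one source, one destination, one port), which is what lets the data transfer itself stay in the kernel path while only the control channel is inspected.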

