On Wed, 18 Jun 1997 10:55:41 EST JIM_BURT_at_nassfirstname.lastname@example.org
> One wants a firewall to
> 1. not require logging into the firewall computer itself (TIS requires
> 2. not require putting new (1 line changed then recompiled) ftp,
> telnet, ... on the computers behind the firewall (SOCKS4 may require
> this, I forget)
> Anyone running a debian-based firewall out there?
> Does anyone have any experience with the TIS firewall toolkit package
> for Debian? How about setting up firewalling in the kernel?
I have an `industrial' firewall working out there, fully in the kernel (with ipfwadm). It masquerades all outbound connections (currently all, but you can choose which ports to forward and/or allow outbound connections), and refuses all outside connections except for mail, DNS and http. It also checks for spoofing (correct addresses on correct interfaces).
>From the user, the only constraint is that he has to use passive ftp. Everything else is completely transparent.
Ipfwadm is hard to figure out at the first glance, but it's really powerful.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to email@example.com .