On Wed, 18 Jun 1997 10:55:41 EST [EMAIL PROTECTED] wrote: > One wants a firewall to > 1. not require logging into the firewall computer itself (TIS requires > this) > 2. not require putting new (1 line changed then recompiled) ftp, > telnet, ... on the computers behind the firewall (SOCKS4 may require > this, I forget) > Anyone running a debian-based firewall out there?
Yup. > Does anyone have any experience with the TIS firewall toolkit package > for Debian? How about setting up firewalling in the kernel? I have an `industrial' firewall working out there, fully in the kernel (with ipfwadm). It masquerades all outbound connections (currently all, but you can choose which ports to forward and/or allow outbound connections), and refuses all outside connections except for mail, DNS and http. It also checks for spoofing (correct addresses on correct interfaces). >From the user, the only constraint is that he has to use passive ftp. >Everything else is completely transparent. Ipfwadm is hard to figure out at the first glance, but it's really powerful. Phil. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .