Marcus, is this the case for all of the FWTK proxies or just some of them?
I know the smap for mail has been effectivly out of date since spam started to be a significant issue. the only problems I have with openssh replacing telnet, rlogin and ftp are that: 1. the clients are not on all machines 2. you can't (easily) use strong authentication other then certificates. 2a. if you use certificates you tie yourself to only being able to work from machines that have the cert installed. http-gw, is this what you are suggesting useing squid for? plug-gw, for things that don't fit the other proxies is there something else you suggest? x-gw, when used in conjunction with tn-gw it can let you run X through an internal non-transparent firewall, is there anything to replace this? I agree that the FWTK has some (fairly severe) limits on what it should be used for, but within those limits I still see it as useful. David Lang On Tue, 23 Oct 2001, Marcus J. Ranum wrote: > Date: Tue, 23 Oct 2001 15:08:35 -0400 > From: Marcus J. Ranum <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: Tis Firewall Toolkit AND Solaris8 > > [EMAIL PROTECTED] wrote: > >Subject: Tis Firewall Toolkit AND Solaris8 > > I think the firewall toolkit's so long in the tooth it's best not to > use it anymore. Instead of the toolkit, I'd suggest using a > combination of: > - openssh (extra credit: chrooted to a subdirectory with a shell and a copy of >telnet) > - squid cache (chrooted) > - postfix > > All of those tools are better (albeit more complex) and better maintained > than the fwtk equivalents. > > mjr. > --- > Marcus J. Ranum Chief Technology Officer, NFR Security, Inc. > Work: http://www.nfr.com > Personal: http://www.ranum.com > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
