Re: [leaf-user] Leaf LINCE
On Saturday 16 November 2002 04:57, Jaime Nebrera Herrera wrote: > Hi, > > > Great! The WP'ed SST dom would also be a great option (or CD-ROM). > > I'll love to check it out! > > Yes, could you give me the link for that DOM? http://www.sst.com/products.xhtml/mass_storage/58/SST58SD008 This archived post would also be of use. # start of archived post RE: [leaf-user] Compact Flash VS. disk-on-module VS. disk-on-chip ? Date: Mon, 21 Oct 2002 23:55:00 +0200 From: Erich Titl <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Hi you may want to have a look at http://luna.think.ch/leaf/ADM it has a description how I modified the standard SST/Apacer ADM for write protection Erich end of previous post ## > I dont think Linux (Leaf) can compete with such hardwarem but htey > lack the flexibility. So we give you the "swish army knife firewall" > :) You have plenty of features on it, and you decide wich ones to > use. I wouldn't agree that LEAF products couldn't compete with Cisco/other products. Building a product-line, staff, and client base that Cisco has is the difficult part to duplicate on an enterprise level. I believe the cartoon "Dilbert" aptly explains a huge number of obstacals for something like LEAF in this setting. > > I'm sure many of us would contribute when and if we have the time! > > I know, its just we had a very sad experience with our LUG. Leaf is > already a quite active development community. I must also admit that I haven't found my local LUG a desirable place to participate in very sad. LEAF is general active as a whole, but with many developers, it is simply a matter of having time to actually finish the projects we are currently working on (delays of 6 months of more are not unheard of). > We have a volunteer that is working in this side. We might end up > with a snort sensor or in other option with hogwash to make a "inline > IDS" capable of dropping packages based on IDS signatures (only way > to protect an exploitable server). I'll have to take your word for this, I haven't attempted anything along these lines. > Yes I know, is the beaty of OS. We all try to compete in the same > business but at the same time need to colaborate :) Here in Spain > Barahona, one of the OS evangelists gies a little talk just of that > and is really incredible. Also, is quite easier to get real knowledge > because you end up knowing how the guts of it go. Exactly. It can save a commercial company a lot of resources and allow them time to work on specific options that individual developers would find impossible to accomplish without a full-time staff. -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Leaf LINCE
Hi, > Great! The WP'ed SST dom would also be a great option (or CD-ROM). > I'll love to check it out! Yes, could you give me the link for that DOM? > Out of curiousity, do you really feel the http/smtp/pop proxy should > be on the "firewall"? I understand many people would love this option, > but to many people (especially for enterprise installations) this would > seem to be akin to sending invitations to hackers by filtering on the > firewall. Yes indeed. We put all those components in the Compact Flash or Hard Disk, then is your choice what you want / need to activate but all will be ready to go. In a small company you might end up activating all of them, in an enterprise level compamy you might end up not activating any extra because you already have them in other / better hardware. Say the "http load balancer". If you need such a feature you surelly wont activate anithing but that getting a cheap "HTTP Alteon equivalent", but if you are a big company with lots of bucks you would already have an Alteon or Cisco or whatever. I dont think Linux (Leaf) can compete with such hardwarem but htey lack the flexibility. So we give you the "swish army knife firewall" :) You have plenty of features on it, and you decide wich ones to use. > I'm sure many of us would contribute when and if we have the time! I know, its just we had a very sad experience with our LUG. Leaf is already a quite active development community. > > Things we are planning to add in the near feature: > > > > 1) Bridge functionality. Yes, this is done with Bering but we have > > never done it, need to learn how to do it. > > 2) Proxy ARP - the same > > There are many of us using both of these options. The proxy-arp is > easy to test if you don't mind opening the server to the internet less > securely IMHO. The bridge option simply uses the box as a hub. It > can be used to tie together tp-10/100, bnc, fiber, etc..., however > tp-to-tp testing would be adaquate. > > > 3) HTTP load balancer.- We are just awaiting somebody will pay us > > to do this :) > > 4) SNORT, inline SNORT, high availability (heartbeat), > > David D/Oxygen has a snort package available, though I have > not used it personally. We have a volunteer that is working in this side. We might end up with a snort sensor or in other option with hogwash to make a "inline IDS" capable of dropping packages based on IDS signatures (only way to protect an exploitable server). > Many of us are doing this, in various degree's. Best of luck to > succeeding in your project, I hope to someday do the same > successfully! Yes I know, is the beaty of OS. We all try to compete in the same business but at the same time need to colaborate :) Here in Spain Barahona, one of the OS evangelists gies a little talk just of that and is really incredible. Also, is quite easier to get real knowledge because you end up knowing how the guts of it go. Regards -- Jaime Nebrera Herrera [EMAIL PROTECTED] --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Leaf LINCE
On Friday 15 November 2002 02:18, Jaime Nebrera Herrera wrote: > I'm the Project Manager of LINCE release. We are just awaiting to > solve a couple of problems with our CVS area to upload the iso image. > > LINCE is just a Bering distribution on steroids oriented to a > Compact Flash (or Hard Disk) system. Bering is just wonderful but it > lacks some features a professional firewall might need. BTW, is based > on glibc 2.2 Great! The WP'ed SST dom would also be a great option (or CD-ROM). I'll love to check it out! > For example we have done already: > > 1) Easy installation of Bering or LINCE from a CD installer (its > provided as an iso image). All Bering packages in a convenient place > (the iso). 2) Most popular ethernet adapters by default loaded > 3) HTB QoS trough htbinit > 4) SQUID 2.4Stable6 configured to run in memory > 5) SMTP Proxy for Antivirus (FPROT done), antirelay or antispam > (this one not done yet) > 6) POP3 transparent proxy for antivirus (FPROT) > 7) Web filter content (IP, URL, words, MIME, PICS) > 8) IPSec with FreeSWAN Out of curiousity, do you really feel the http/smtp/pop proxy should be on the "firewall"? I understand many people would love this option, but to many people (especially for enterprise installations) this would seem to be akin to sending invitations to hackers by filtering on the firewall. > We dont know if all this will be released at the first moment, or > just in future releases (first we need to try to sell them to other > people :))) but they will come, specially if this community helps us > getting some of that functionality done. I'm sure many of us would contribute when and if we have the time! > Things we are planning to add in the near feature: > > 1) Bridge functionality. Yes, this is done with Bering but we have > never done it, need to learn how to do it. > 2) Proxy ARP - the same There are many of us using both of these options. The proxy-arp is easy to test if you don't mind opening the server to the internet less securely IMHO. The bridge option simply uses the box as a hub. It can be used to tie together tp-10/100, bnc, fiber, etc..., however tp-to-tp testing would be adaquate. > 3) HTTP load balancer.- We are just awaiting somebody will pay us > to do this :) > 4) SNORT, inline SNORT, high availability (heartbeat), David D/Oxygen has a snort package available, though I have not used it personally. > We plan to live from "improving this platform" (somebody will pay > us to add some functionality), giving support, selling preassambled > systems (you can see great pictures of the box in > http://www.eneotecnologia.com/soho_fotos.html) and so on, well you > get the point. Many of us are doing this, in various degree's. Best of luck to succeeding in your project, I hope to someday do the same successfully! -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Leaf LINCE
Hi, > After reading this, I'm a bit confused. Is it a commercial or opensource > product? It a commercial quality opensourced project. That is, we want to mimic the best functionality around but keep it as opensource as possible. Of course, some parts of it are closed source, antivirus, but the "hook" to the antivirus engine is opensource. The difference is we plan to provide support and sell it already installed in a great hardware. Also, we plan to make custom development, say you want us to add "HTTP load balancing with session control". We need to to debote company resources to such a task and will charge you for that, but then provide it for free to the community. Of course, not everything is money. As part of our apport to the great Leaf project we will privide quite a bit of functionallity allready in the first image. We have made an easy Bering (or Lince) installer, we have added htbinit for QoS, we provide those lurky modifications you need to install it right away in a hard disk, and so on. As we hope this will catch some attention in this list, and as new features are developed by the community we will release more code ourselves. Also, if our business model succeeds, we plan to "donate" money and resources to this great community. Say hosting space, hardware, $$$, whatever. This way we will just thank in a clear way those efforts done in Leaf. If you know coyotelinux is more or less the same stuff but with a big difference, we wont restrict the downloading. Once a feature has been developed and payed for (say in money, say in other functionality) we will release more code into the public sourceforge area. FE, we might be interested in zebra integration. We could do it ourselves, or somebody could provide it (I dont care if that coder is getting paid or not for his job). In exchange we will release a new feature, and so on. So if the community really involves itself in developing and testing we will provide much code than if they just wait and wait. We have already devoted a 3 month period of coding from my partner and friend. He has implemented all the points I said in a prior email, we are just eager to make them public as this project evolves, but dont expect us to make ALL public the first time. We had such a experience with our local LUG and was really frustating to see a 0 code contribution when you gave them quite a bit of resources. Thanks in advance. -- Jaime Nebrera Herrera [EMAIL PROTECTED] --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Leaf LINCE
So, After reading this, I'm a bit confused. Is it a commercial or opensource product? --Pat On Fri, 15 Nov 2002, Jaime Nebrera Herrera wrote: > Hi Sebastiano, > > > am I wrong or somebody recently wrote about a future Leaf branch called > > LINCE? > > Can anybody give more details? > > I'm so curious > > I'm the Project Manager of LINCE release. We are just awaiting to solve a > couple of problems with our CVS area to upload the iso image. > > LINCE is just a Bering distribution on steroids oriented to a Compact Flash > (or Hard Disk) system. Bering is just wonderful but it lacks some features a > professional firewall might need. BTW, is based on glibc 2.2 > > For example we have done already: > > 1) Easy installation of Bering or LINCE from a CD installer (its provided > as an iso image). All Bering packages in a convenient place (the iso). > 2) Most popular ethernet adapters by default loaded > 3) HTB QoS trough htbinit > 4) SQUID 2.4Stable6 configured to run in memory > 5) SMTP Proxy for Antivirus (FPROT done), antirelay or antispam (this one > not done yet) > 6) POP3 transparent proxy for antivirus (FPROT) > 7) Web filter content (IP, URL, words, MIME, PICS) > 8) IPSec with FreeSWAN > > We dont know if all this will be released at the first moment, or just in > future releases (first we need to try to sell them to other people :))) but > they will come, specially if this community helps us getting some of that > functionality done. > > All his is already there (excep IPSec we are working now) and runs without > the need for a hard disk. The project idea is "make a professional firewall > with open software". All this features are not activated by default (dont > activate anything you dont need) but they are installed in the Compact Flash > for rapid deployment. > > Things we are planning to add in the near feature: > > 1) Bridge functionality. Yes, this is done with Bering but we have never > done it, need to learn how to do it. > 2) Proxy ARP - the same > 3) HTTP load balancer.- We are just awaiting somebody will pay us to do > this :) > 4) SNORT, inline SNORT, high availability (heartbeat), > > I think its just a great project, so keep in touch !! If you want to see > more details of the project in spanish you can go to: > > http://www.eneotecnologia.com/proyectos_lince.html > > We plan to live from "improving this platform" (somebody will pay us to add > some functionality), giving support, selling preassambled systems (you can > see great pictures of the box in > http://www.eneotecnologia.com/soho_fotos.html) and so on, well you get the > point. > > Thats all folks ! :) Regards. > > BTW, we have to update to 1.0stable. Great jobs guys:) We were just using rc3 > with bugs solved. > > --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Leaf LINCE
Hi Sebastiano, > am I wrong or somebody recently wrote about a future Leaf branch called > LINCE? > Can anybody give more details? > I'm so curious I'm the Project Manager of LINCE release. We are just awaiting to solve a couple of problems with our CVS area to upload the iso image. LINCE is just a Bering distribution on steroids oriented to a Compact Flash (or Hard Disk) system. Bering is just wonderful but it lacks some features a professional firewall might need. BTW, is based on glibc 2.2 For example we have done already: 1) Easy installation of Bering or LINCE from a CD installer (its provided as an iso image). All Bering packages in a convenient place (the iso). 2) Most popular ethernet adapters by default loaded 3) HTB QoS trough htbinit 4) SQUID 2.4Stable6 configured to run in memory 5) SMTP Proxy for Antivirus (FPROT done), antirelay or antispam (this one not done yet) 6) POP3 transparent proxy for antivirus (FPROT) 7) Web filter content (IP, URL, words, MIME, PICS) 8) IPSec with FreeSWAN We dont know if all this will be released at the first moment, or just in future releases (first we need to try to sell them to other people :))) but they will come, specially if this community helps us getting some of that functionality done. All his is already there (excep IPSec we are working now) and runs without the need for a hard disk. The project idea is "make a professional firewall with open software". All this features are not activated by default (dont activate anything you dont need) but they are installed in the Compact Flash for rapid deployment. Things we are planning to add in the near feature: 1) Bridge functionality. Yes, this is done with Bering but we have never done it, need to learn how to do it. 2) Proxy ARP - the same 3) HTTP load balancer.- We are just awaiting somebody will pay us to do this :) 4) SNORT, inline SNORT, high availability (heartbeat), I think its just a great project, so keep in touch !! If you want to see more details of the project in spanish you can go to: http://www.eneotecnologia.com/proyectos_lince.html We plan to live from "improving this platform" (somebody will pay us to add some functionality), giving support, selling preassambled systems (you can see great pictures of the box in http://www.eneotecnologia.com/soho_fotos.html) and so on, well you get the point. Thats all folks ! :) Regards. BTW, we have to update to 1.0stable. Great jobs guys:) We were just using rc3 with bugs solved. -- Jaime Nebrera Herrera [EMAIL PROTECTED] --- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html