> > now i have recommeded it to a organistion where they gonna host a very > high secure webserver for online transactions >
I don't think you have to care too much about speed as long as the firewall is on decent hardware. If you want to increase security I recommend to add additional layers to your firewall infrastructure. For websevers, a reverse proxy can give you additional security on the application layer. For example you could check for valid URL's before the request hits your webserver. Another advantage is that you could also terminate SSL connections on the reverse proxy and therefore reduce the load on the webserver. To increase security further you could put the reverse proxy and the webserver in different DMZ's, or even have more than one firewall. FW1 -> rev. proxy -> FW2 -> webserver Pound is a nice reverse proxy I'm using in different places: http://www.apsis.ch/pound/index_html Regards, Simon ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
