Am 22. Sep, 2000 schwäzte Jason so:

> Regarding the general issue of security, if the computer is ONLY to be
> used as a firewall, the best way to ensure that it is secure is to
> have absolutely ONLY what you need on it, and allow telnet logins only

Don't allow telnet at all. No need for it. Use ssh. Maybe setup a serial
console as well.

> from the LAN side. Web server, X, and videogame security issues are
> nonexistant if these things are not installed on the system to start
> with!
> 
> Internet Junkbuster is a pretty decent HTTP proxy (seems to work for
> HTTPS as well. Not sure if this is handled differently or not, or even
> if it needs to be) that also has the ability to block advertizements
> (or any other unwanted web content... if this is for a low-bandwidth
> network, block common extentions for large files..). You can use it to
> let people OUT of the firewall, if you dont wish to use transparent

You should also be able to use it as a transparent proxy. I'm doing by
using ipchains and REDIRECT to transparently toss stuff at squid. The hard
part was getting squid to work :).

ciao,

der.hans
-- 
#  der.hans@LuftHans.com   home.pages.de/~lufthans/   www.Opnix.com
#  You can't handle the source! - der.hans