On 22. Sep, 2000 Jason chattered thus:

> Regarding the general issue of security, if the computer is ONLY to be
> used as a firewall, the best way to ensure that it is secure is to
> have absolutely ONLY what you need on it, and allow telnet logins only

Don't allow telnet at all. No need for it. Use ssh. Maybe set up a serial console as well.

> from the LAN side. Web server, X, and videogame security issues are
> nonexistent if these things are not installed on the system to start
> with!
>
> Internet Junkbuster is a pretty decent HTTP proxy (seems to work for
> HTTPS as well. Not sure if this is handled differently or not, or even
> if it needs to be) that also has the ability to block advertisements
> (or any other unwanted web content... if this is for a low-bandwidth
> network, block common extensions for large files..). You can use it to
> let people OUT of the firewall, if you don't wish to use transparent

You should also be able to use it as a transparent proxy. I'm doing that by using ipchains and REDIRECT to transparently toss stuff at squid. The hard part was getting squid to work :).

ciao,

der.hans
--
# der.hans@LuftHans.com home.pages.de/~lufthans/ www.Opnix.com
# You can't handle the source! - der.hans