On 22 Sep, 2000, Jason chattered thus:
> Regarding the general issue of security, if the computer is ONLY to be
> used as a firewall, the best way to ensure that it is secure is to
> have absolutely ONLY what you need on it, and allow telnet logins only
Don't allow telnet at all. No need for it. Use ssh. Maybe set up a serial
console as well.
> from the LAN side. Web server, X, and videogame security issues are
> nonexistent if these things are not installed on the system to start
> with!
>
> Internet Junkbuster is a pretty decent HTTP proxy (seems to work for
> HTTPS as well. Not sure if this is handled differently or not, or even
> if it needs to be) that also has the ability to block advertisements
> (or any other unwanted web content... if this is for a low-bandwidth
> network, block common extensions for large files..). You can use it to
> let people OUT of the firewall, if you don't wish to use transparent
You should also be able to use it as a transparent proxy. I'm doing that by
using ipchains and REDIRECT to transparently toss stuff at squid. The hard
part was getting squid to work :).
ciao,
der.hans
--
#
der.hans@LuftHans.com home.pages.de/~lufthans/
www.Opnix.com
# You can't handle the source! - der.hans