From owner-freebsd-security  Wed Dec  6  6:10:18 2000
From owner-freebsd-security@FreeBSD.ORG  Wed Dec  6 06:10:16 2000
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.com (gw.nectar.com [208.42.49.153])
	by hub.freebsd.org (Postfix) with ESMTP id 18CF137B400
	for <freebsd-security@FreeBSD.ORG>; Wed,  6 Dec 2000 06:10:16 -0800 (PST)
Received: by gw.nectar.com (Postfix, from userid 1001)
	id AC1EA193E1; Wed,  6 Dec 2000 08:10:15 -0600 (CST)
Date: Wed, 6 Dec 2000 08:10:15 -0600
From: "Jacques A. Vidrine" <n@nectar.com>
To: Manfred Petz <pm@aber.warum.net>
Cc: Alexander Gavrilov <agv@haba.uven.ru>,
	freebsd-security@FreeBSD.ORG
Subject: Re: TIS Firewall Tookit
Message-ID: <20001206081015.B61027@spawn.nectar.com>
Mail-Followup-To: "Jacques A. Vidrine" <n@nectar.com>,
	Manfred Petz <pm@aber.warum.net>,
	Alexander Gavrilov <agv@haba.uven.ru>, freebsd-security@FreeBSD.ORG
References: <200012061332.eB6DWDl03448@haba.uven.ru> <Pine.LNX.4.04.10012061447230.20285-100000@saturn.innonet.at>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.LNX.4.04.10012061447230.20285-100000@saturn.innonet.at>; from pm@aber.warum.net on Wed, Dec 06, 2000 at 03:03:03PM +0100
X-Url: http://www.nectar.com/
Sender: nectar@nectar.com
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Dec 06, 2000 at 03:03:03PM +0100, Manfred Petz wrote:
> I've been using it for years and I regret it. I had to apply tons of
> patches to fix various problems with http-gw and smap (3rd party relay). A
> couple of times I even had to debug and fix problems by myself because
> either there was no patch or I couldn't find out where to get a patch.

YMMV.   This toolkit is useful, but it _is_ a toolkit -- not a
ready-to-run full-featured firewall.  The included parts are all small
and easily understood -- a huge bonus from the security point-of-view. 

[snip]
> If you dont't want to or can't use SOCKS then for a proxy based firewall
> you may take a look at delegate(1). I'm using it at one site (though I
> don't have much experience with it).

Neither SOCKS nor delegate are firewall software.  The latter, in
particular, is probably one of the least secure pieces of proxy software
ever written.

-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message