Date: Thu, 15 Nov 2001 23:47:45 +1100 (Australia/NSW) From: Darren Reed <avalon@cairo.anu.edu.au> To: Cy.Schubert@uumail.gov.bc.ca Cc: mike@sentex.net (Mike Tancsa), anderson@centtech.com, freebsd-security@FreeBSD.ORG Subject: Re: NAT vs Application layer proxy Message-ID: <200111151247.fAFCljc5025237@cairo.anu.edu.au> In-Reply-To: <200111151226.fAFCQof21790@cwsys.cwsent.com> from "Cy Schubert - ITSD Open Systems Group" at Nov 15, 2001 04:26:34 AM
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Cy Schubert - ITSD Open Systems Group, sie said: > > In message <5.1.0.14.0.20011112091952.06b2cb30@marble.sentex.ca>, Mike > Tancsa w > rites: > > At 08:24 AM 11/12/01 -0600, Eric Anderson wrote: > > >What are some of the advantages/disadvantages of an > > >application layer proxy server, versus a box running NAT > > >with packet filtering on it (like ipfilter or IPFW)? > > > > Auditing is a big one. Also, you can do neat things like block NIMDA > > infected sites with Squid. > > I've been playing with SquidGuard lately to filter web traffic based > upon content, regexp matches within domainname, and network blocks. > Many people at work with children have expressed interest, given that > an old PC (who doesn't have an old PC lying around these days) running > FreeBSD + IP Filter is all that is needed, not to mention one gets a > firewall as a bonus. squidguard.org provides updates to the database. IPFilter forms the base for Internet Sheriff, which was originally a hacked squid but not any more... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200111151247.fAFCljc5025237>