From owner-freebsd-questions@FreeBSD.ORG Mon Jan 23 17:24:22 2006 Return-Path: X-Original-To: freebsd-questions@FreeBSD.ORG Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3771816A430 for ; Mon, 23 Jan 2006 17:24:20 +0000 (GMT) (envelope-from danial_thom@yahoo.com) Received: from web33314.mail.mud.yahoo.com (web33314.mail.mud.yahoo.com [68.142.206.129]) by mx1.FreeBSD.org (Postfix) with SMTP id AC71C43F8E for ; Mon, 23 Jan 2006 16:59:46 +0000 (GMT) (envelope-from danial_thom@yahoo.com) Received: (qmail 61617 invoked by uid 60001); 23 Jan 2006 16:59:46 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:Received:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=SN26dCHCJJNDcmYiWpBXcCvDcefv1O6GVYTrQYzdgiwCpbRIcV6HKms6tBuHFPNxeKJqK/eqMNEMuVQwlzIu9APQ3rMPwNiEWU6+rDHDH9TrLe2V0Go4b2e2NccgBTEHoJ8pZxueBxv7grFDCoUiD/TmnrhSsvhdwFQXsXQDf8s= ; Message-ID: <20060123165946.61615.qmail@web33314.mail.mud.yahoo.com> Received: from [24.46.186.215] by web33314.mail.mud.yahoo.com via HTTP; Mon, 23 Jan 2006 08:59:45 PST Date: Mon, 23 Jan 2006 08:59:45 -0800 (PST) From: Danial Thom To: Vincent Chen , freebsd-questions@FreeBSD.ORG In-Reply-To: <20060123140618.75958.qmail@web35808.mail.mud.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Cc: Subject: Re: open source freebsd security appliance project X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: danial_thom@yahoo.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jan 2006 17:24:26 -0000 The question of the day is: why are you porting it to 6.0? Have you proven that its better? There are many commercial "appliances" that are sticking with 4.x because its more suitable for that kind of application. The issue with an open-source type of appliance is capacity; The kind of people that really need such an appliance AND have the talent in house to benefit from it usually need more than ALTQ and IPFIREWALL can deliver. You'll only diminish that by going to 6.0, while also introducing the one thing that will keep anyone from using any product: instability. After all, a slow stable appliance is of some use to some people; while even a really fast unstable appliance is of use to no-one at all. DT --- Vincent Chen wrote: > Hi, all > > I have tried to build a security applicance > based on FreeBSD 4.7 since 2001. > Which contains: > > central syslog server (syslogd) > ntp sevice (ntpd) > dhcp server (dhcpd) > dns (bind) > > IPSec (ipsec-tools) > PPTP (mpd) > > firewall (ipfilter) > traffic shape (ALTQ) > IDS (snort) > > Utilization monitor (MRTG) > > Web console including > 1. report system for firewall, ids, system > 2. configuration interface for some sub-system > (not actually working yet) > > > Recently, I upgraded this appliance to FreeBSD > 6.0. Now I got: > > * a new list of required package > * a custom kernel configuration file for 6.0 > * collection of my custom packages (mostly perl > based) > > Old web pages for this appliance avaliable > here: > > http://isolution.dyndns.biz/en/si/sc/feature.html > > Some code are broken after upgrade to 6.0. A > document to put them all togather > is not completed yet. I plan to start a open > source project base on current > resource and the goal is to build a small and > compact FreeBSD security > appliance, most importantly cost effective. The > first step is starting a close > test before release it to public and discuss > how to proceed. If you are FreeBSD > power user and interested, you are welcome to > contact me and receive a copy of > current work. Any suggestions are always > welcome. > > > Vincent Chen > > > > > > ___________________________________________________ > 最新版 Yahoo!奇摩即時通訊 > 7.0,免費網路電話任你打! > http://messenger.yahoo.com.tw/ > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com