> A good starting point would be to sum up the status of the field. > Is there a FAQ for firewalls/vpn on linux?
There are HOWTO's for both, though the HOWTO for VPN's is a specific solution that the guy who wrote it came up with. He has done more work on that since then and there is a debian package in the experimental section but it doesn't work straight out of the box. I was able to get it to work with some effort on my part and it works great now. But it's only a specific solution for linux to linux. > What litteratur can be found? There is a ton of literature on firewalls and vpn's in general, as for on linux there is less. The new kernel featues for firewalls seem to be documented well from what I have seen. > What commersial vendors are offereing linux based firewall solutions? I have seen about 2 so far...one is mentioned in the ipchains howto so I'd assume it's up to speed with the new kernel. The other I saw uses the 2.0.x kernel so it's not up to speed as yet. I will tracke down the names and url's and put them up on the site. > What security problems are found in real life? In what way? As in what features must we have versus those we'd like to have? Basically trying to come up with a plan of action like they have for apt...stage 1 would be goal a...stage 2 would be goal b.??? If that's what you mean this shouldn't be hard to pound out...I could probably have something in the next day or so. If you mean a list of all the possible threats..that can be a lot...unless you generalize it. One thing that is nice is that the kernel has alot of the main issues hammered out already. > Are there any related lists/newsgroups? Most likely yes. I have no clue about newsgroups as I don't do newsgroups personally. I spend enough time keeping up on mail and everything else. :) There are several firewall/security related mailing lists out there. There is the firewalls at greatcircle (not sure off hand the exact name or url..but I'll get it and put it on the site). That's where alot of the firewall guru's exchange info on. > What are the usual solutions? Usual solutions for firewalls? Well, for most companies they go with products like Checkpoint Firewall 1. (has the market share I believe) For those who use linux...it's been using ipfwadm to manually control the firewall rules on their system. Debian has it setup now so you can install ipmasq and do automatic ip masquerading and firewalling. The basic rules are exactly that..basic...not much to it and you still have to manually hack files or run the commands in order to do anything of significance. I hope this answered your q's. I would be nice to get a team of debian developers (tho the project is more linux general) to work on this. Over the next few weeks I will be able to free more of my time up and will be focusing on this more and more. (even though it's going to mean that I learn to program properly... :)) Ivan -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Ivan E. Moore II Rev. Krusty http://www.tdyc.com [EMAIL PROTECTED] -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Imagination is more important than knowledge - Albert Einstien -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- GPG KeyID=0E1A75E3 GPG Fingerprint=3291 F65F 01C9 A4EC DD46 C6AB FBBC D7FF 0E1A 75E3 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
