Look at the Black Hole (not blackhole) project over at Sourceforge for a proposal for
just that.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Ben Nagy
Sent: Friday, February 23, 2001 01:18
To: Firewalls Mailing List (E-mail)
Subject: RE: To NAT or not to NAT?
<snip>
Have I ranted recently about how I want someone to pony up VC for a company
that packages best-of-breed open source solutions and teams it with real
support? Maybe we can buy djb, Darren Reed and Theo. ;)
I can see it now... A few nice 1RU servers, whack in a few DMZs, have a nice
security zone model, djbdns, postfix, some bridge-mode snort sensors,
ipfilter to taste - we can even throw in Paul Robertson's idea about running
all HTTP access as VNC sessions to a hardened browsing host to stop HTTP
trojans. Then we support it all with a high level policy language and an
object-modelled control paradigm, running over OpenSSH links for external
support and monitoring.
Wait - I'm dreaming at work again!
Oh, I should toss in a "really, really NOT the opinions of my employer"
disclaimer about here. ;)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
