Hi,

> Great! The WP'ed SST dom would also be a great option (or CD-ROM).
> I'll love to check it out!

Yes, could you give me the link for that DOM?

> Out of curiosity, do you really feel the http/smtp/pop proxy should
> be on the "firewall"? I understand many people would love this option,
> but to many people (especially for enterprise installations) this would
> seem to be akin to sending invitations to hackers by filtering on the
> firewall.

Yes indeed. We put all those components in the Compact Flash or Hard Disk, then it is your choice what you want / need to activate, but all will be ready to go.

In a small company you might end up activating all of them; in an enterprise level company you might end up not activating any extra because you already have them in other / better hardware.

Say the "http load balancer". If you need such a feature you surely won't activate anything but that, getting a cheap "HTTP Alteon equivalent", but if you are a big company with lots of bucks you would already have an Alteon or Cisco or whatever. I don't think Linux (Leaf) can compete with such hardware, but they lack the flexibility.

So we give you the "Swiss army knife firewall" :) You have plenty of features on it, and you decide which ones to use.

> I'm sure many of us would contribute when and if we have the time!

I know, it's just we had a very sad experience with our LUG. Leaf is already a quite active development community.

> > Things we are planning to add in the near future:
> >
> > 1) Bridge functionality. Yes, this is done with Bering but we have
> > never done it, need to learn how to do it.
> > 2) Proxy ARP - the same
>
> There are many of us using both of these options. The proxy-arp is
> easy to test if you don't mind opening the server to the internet less
> securely IMHO. The bridge option simply uses the box as a hub. It
> can be used to tie together tp-10/100, bnc, fiber, etc..., however
> tp-to-tp testing would be adequate.
>
> > 3) HTTP load balancer.- We are just awaiting somebody will pay us
> > to do this :)
> > 4) SNORT, inline SNORT, high availability (heartbeat), ....
>
> David D/Oxygen has a snort package available, though I have
> not used it personally.

We have a volunteer that is working in this side. We might end up with a snort sensor or, in other option, with hogwash to make an "inline IDS" capable of dropping packages based on IDS signatures (only way to protect an exploitable server).

> Many of us are doing this, in various degrees. Best of luck to
> succeeding in your project, I hope to someday do the same
> successfully!

Yes I know, it is the beauty of OS. We all try to compete in the same business but at the same time need to collaborate :)

Here in Spain Barahona, one of the OS evangelists, gives a little talk just of that and it is really incredible. Also, it is quite easier to get real knowledge because you end up knowing how the guts of it go.

Regards

--
Jaime Nebrera Herrera
[EMAIL PROTECTED]