Re: Application level firewalls/proxies

Hi there,

weiner <weiner@weiner.com> writes:

>Hi all..

>Are there any application level firewall/vpn/proxy solutions for linux that
>are either roll-your-ownable or at least cheap ?

>Not the iptables, ipchains packet level stuff but the application layer
>stuff..

I don't know if its still of interest, but anyhow: I haven't seen mention
of the TIS firewall toolkit. This is a toolkit for application firewalls
employing application level proxies for tcp protocols such as HTTP, FTP,
etc. IIRC, the proxies aren't necessarily transparent.

If you're interested, check http://www.fwtk.org for further details.

So long,
Martin
--
Martin Boening, mboen@t-online.de

The meek shall inherit the earth -- they are too weak to refuse.

Martin Boening <mboen@t-online.de> wrote:
> Hi there,

> weiner <weiner@weiner.com> writes:

>>Hi all..

>>Are there any application level firewall/vpn/proxy solutions for linux that
>>are either roll-your-ownable or at least cheap ?

>>Not the iptables, ipchains packet level stuff but the application layer
>>stuff..

> I don't know if its still of interest, but anyhow: I haven't seen mention
> of the TIS firewall toolkit. This is a toolkit for application firewalls
> employing application level proxies for tcp protocols such as HTTP, FTP,
> etc. IIRC, the proxies aren't necessarily transparent.

> If you're interested, check http://www.fwtk.org for further details.

> So long,
> Martin

TIS FWTK is pretty long in the tooth (decrepit?). A search of
freshmeat (http://www.freshmeat.net/search/?q=p...tion=projects& )
returns a list of 364 matches (many of which are web filtering proxies
for blocking banner ads, etc; or IRC proxy daemons of various sorts).

That search also returns a "Category" listing: Topic:Internet:Proxy Servers
with 144 entries thereunder.

This is just for proxies. For VPNs there are many others.
(46 projects listed at Freshmeat)

For my part I'd look at the following:

Proxies:

SOCKS Like:
Dante http://www.inet.no/dante/
Delegate (http://www.delegate.org/ ) has suffered too many
vulnerabilities (simple buffer overflows) for me to recommend it.
Unless it's been completely re-written ...

Other (manually traversed, transparent with IP(fwadm|chains|tables)
redirection, etc):

ZORP http://www.balabit.com/products/zorp/
Juniper FWTK http://www.obtuse.com/open_source/

For VPNs:

FreeS/WAN: http://www.freeswan.org/
VTun: http://vtun.sourceforge.net/
CIPE: http://sites.inka.de/bigred/devel/cipe.html

I've tossed up a SysadMoin page:

http://www.starshine.org/SysadMoin/m...plicationProxy

to discuss and list a few of these.

--
Jim Dennis,
Starshine: Signed, Sealed, Delivered