Proxy firewall design.

[Darren Reed <darrenr () cyber com au>]

A common theme amongst proxy firewalls running on Unix is to limit the
exposure through use of chroot. How many of these segregate it further
such that (say) the smtp proxy uses /fw/smtp, ftp uses /fw/ftp, etc ?
I'm aware of chrooting used for WWW & mail, but I can't see why you
wouldn't use it for all of them.  For example, FWTK 2.0 doesn't support
chroot for plug-gw or x-gw but it does for all the others.  Of course,
you might even chroot to /fw first, before running any of your proxies...

Darren