Firewall Wizards mailing list archives
Re: VM system for firewall use
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 12 Oct 2004 10:32:34 -0400 (EDT)
On Tue, 12 Oct 2004, ArkanoiD wrote:
> and did I get it right, TrustedBSD-stable is already inside FreeBSD 5?

At least MAC and attributes seem to be in there - down to the tcp/udp and port level - not sure about raw sockets, but labeling an interface looks pretty straightforward. There seems to be a fairly good "feature added to TrustedBSD, then migrated to 5.x" progression going on. I'd probably look at 5.1 as a platform if I had to roll one out soon.

Caveat: I don't know anyone who's running 5.x in production, but this looks like it might be a good time to start leaning that way. The docs look reasonable so far. Check with your favorite commit bit holder to get their take on FBSD 5.x overall.

Single and multiple labels are supported, and you get MAC on the VM infrastructure too. Most of the important buzzwords are there.

Interesting observation from the MAC partition module docs:

"A really crafty implementation could have all of the services disabled in /etc/rc.conf and started by a script that starts them with the proper labeling set."

I think the docs are better than any I've seen in quite some time (though the dev stuff is MIA,) you'll want to glance at least at:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-implementing.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-examplehttpd.html

to see if this is a good path for you.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards