Firewall Wizards mailing list archives
Re: Proxies, opensource and the general market: what's wrong with us?
From: ArkanoiD <ark () eltex net>
Date: Tue, 26 Apr 2011 04:49:51 +0400
On Mon, Apr 25, 2011 at 02:24:04PM -0700, Tracy Reed wrote:
> On Sun, Apr 24, 2011 at 09:27:34PM +0400, ArkanoiD spake thusly:
>> Now both are either extinct or forced to an ugly low end (for opensource, it usually means having no security-centric framework,
> What does this mean?
>> no common API,
> How would a firewall API work and what would it do? What does "common" mean in this context? Same API across multiple different firewall vendors?
A "framework" means it is not just a bunch of inconsistent code. API.. well, Gauntlet had a kind of API. Zorp does have, OpenFWTK does. A linux box with squid+squidguard+IMspector+nntpcache+greensql+dante+whatever is something else, despite the fact it can do "more".
>> no real code review
> Depends on what you mean by "real". I know tons of people look at the Linux firewall code.
You mean packet filter code? :-)
>> -- just a bunch of "functionally fit" free things installed on a linux box with some simple web interface).
> I don't know what "functionally fit" means either.
See above.
> As for web interfaces, most of the Linux firewalls I've used (especially Shorewall, my favorite) have no web interface. I really don't want someone managing my firewall who requires a web interface. I also like to version control my firewall configs and back them up within my normal backup infrastructure which most web interfaces cannot handle.
Shorewall is just a packet filter configuration frontend.
>> -- It is all about features and support, no free solution fits.
> I can understand a company wanting support for their firewall. Support costs someone's time and that quite fairly costs money. As for features, what features are the real sticking points here? Are we just comparing bullet lists or do you really *need* certain features which are lacking?
We do. Say, dealing with webmail *exactly* the same way as "classic" email protocols is a must these days.
>> Protocol support is not that good, no common management interface and
> What protocols are we talking about here and what are we wanting to do with them? What is an example of a commercial product that has a common management interface? What other product is it in common with?
"Common" means you may build a feature rich system using components you need. It is vendor-centric, usually, but Juniper, McAfee and even Cisco are good examples.
>> not really ready for enterprise which is not full of geeks at all,
> I would think you would want to hire a geek to operate your firewall and other security infrastructure if security was important to you.
>> management overhead and TCO are going to jump up beyond any reasonable limit.
> Why?
>> OpenDLP is just a sad joke, running a bunch of regexps against your data is not the thing to be called DLP.
> How do the commercial products do it?
Lots of pretty complicated ways, including endpoint data discovery, digital fingerprinting, data normalization, on-the-fly OCR and stuff.
>> As I am still running the OpenFWTK project, I have to admit I get little to *NO* support from Opensource community.
> I very rarely hear about openfwtk and I'm in the business. I know of very few companies who have deployed or want to run proxies. Most just stick with stateful packet filtering and maybe a squid/varnish proxy for http and call it a day. In order to have community support you have to have a community. There are 30 people in #shorewall on freenode.net and for nearly 10 years now there has always been someone to help out whenever I had an issue. The mailing list is quite active also. Tom Eastep does a fantastic job of running the project working with the community. openfwtk-devel at http://sourceforge.net/mail/?group_id=192764 has 7 subscribers and 10 emails in the archive over years. And no IRC channel. It is barely visible at all on the net. You don't get community support if you have no community.
Exactly how am I expected to get the community?
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards