From owner-freebsd-security Thu Nov 15 4:47:56 2001
Delivered-To: freebsd-security@freebsd.org
Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11])
    by hub.freebsd.org (Postfix) with ESMTP id 77D3A37B41A
    for ; Thu, 15 Nov 2001 04:47:53 -0800 (PST)
Received: from cairo.anu.edu.au (localhost [127.0.0.1])
    by cairo.anu.edu.au (8.12.0/8.12.0) with ESMTP id fAFClkWK025239;
    Thu, 15 Nov 2001 23:47:46 +1100 (EST)
Received: (from avalon@localhost)
    by cairo.anu.edu.au (8.12.0/8.12.0.Beta16) id fAFCljc5025237;
    Thu, 15 Nov 2001 23:47:45 +1100 (EST)
From: Darren Reed
Message-Id: <200111151247.fAFCljc5025237@cairo.anu.edu.au>
Subject: Re: NAT vs Application layer proxy
To: Cy.Schubert@uumail.gov.bc.ca
Date: Thu, 15 Nov 2001 23:47:45 +1100 (Australia/NSW)
Cc: mike@sentex.net (Mike Tancsa), anderson@centtech.com, freebsd-security@FreeBSD.ORG
In-Reply-To: <200111151226.fAFCQof21790@cwsys.cwsent.com> from "Cy Schubert - ITSD Open Systems Group" at Nov 15, 2001 04:26:34 AM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Cy Schubert - ITSD Open Systems Group, sie said:
>
> In message <5.1.0.14.0.20011112091952.06b2cb30@marble.sentex.ca>, Mike Tancsa writes:
> > At 08:24 AM 11/12/01 -0600, Eric Anderson wrote:
> > >What are some of the advantages/disadvantages of an
> > >application layer proxy server, versus a box running NAT
> > >with packet filtering on it (like ipfilter or IPFW)?
> >
> > Auditing is a big one. Also, you can do neat things like block NIMDA
> > infected sites with Squid.
>
> I've been playing with SquidGuard lately to filter web traffic based
> upon content, regexp matches within domainname, and network blocks.
> Many people at work with children have expressed interest, given that
> an old PC (who doesn't have an old PC lying around these days) running
> FreeBSD + IP Filter is all that is needed, not to mention one gets a
> firewall as a bonus. squidguard.org provides updates to the database.

IPFilter forms the base for Internet Sheriff, which was originally a
hacked squid but not any more...