[Dshield] firewall help request

Tod Beardsley todb at planb-security.net
Fri Oct 3 13:12:46 GMT 2003

Roman Fomichev wrote:
> As I understand, John, you can't do nothing then packet filtering on
> linux. No stateful firewall, no proxing technologies....

Well, you're completely wrong. Modern IPTables handles state (and 
related for stateless) just fine, Squid does proxying, FreeS/WAN does 
IPSec VPN.... etc etc etc.

It does take a level of technical savvy to get going, but the hardware 
is cheap ($150 at most?) and the software is free.

"It's okay to yell 'fire' in a crowded theater
if the theater is actually on fire."
Tod Beardsley | www.planb-security.net

