Re: [fw-wiz] VM system for firewall use

From: Paul D. Robertson (
Date: 10/12/04

  • Next message: Paul D. Robertson: "Re: [fw-wiz] VM system for firewall use"
    To: ArkanoiD <>
    Date: Tue, 12 Oct 2004 10:32:34 -0400 (EDT)

    On Tue, 12 Oct 2004, ArkanoiD wrote:

    > .and did i get it right TrustedBSD-stable is already inside FreeBSD 5?

    At least MAC and attributes seem to be in there, down to the tcp/udp and
    port level. Not sure about raw sockets, but labeling an interface looks
    pretty straightforward. There seems to be a fairly good "feature added
    to TrustedBSD, then migrated to 5.x" progression going on. I'd probably
    look at 5.1 as a platform if I had to roll one out soon.

    Caveat: I don't know anyone who's running 5.x in production, but this
    looks like it might be a good time to start leaning that way. The docs
    look reasonable so far. Check with your favorite commit bit holder to get
    their take on FBSD 5.x overall.

    Single and multiple labels are supported, and you get MAC on the VM
    infrastructure too. Most of the important buzzwords are there.

    Interesting observation from the MAC partition module docs:

    "A really crafty implementation could have all of the services disabled in
    /etc/rc.conf and started by a script that starts them with the proper
    labeling set."

    I think the docs are better than any I've seen in quite some time (though
    the dev stuff is MIA); you'll want to glance at least at:

    to see if this is a good path for you.

    Paul D. Robertson
    "My statements in this message are personal opinions
    which may have no basis whatsoever in fact."
    Director of Risk Assessment
    TruSecure Corporation
    firewall-wizards mailing list
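
The rc.conf approach quoted from the MAC partition module docs in the message above, sketched as an added example (not part of the original message or the FreeBSD docs): a dry-run planner that prints `setpmac` start commands and refuses any service still enabled in rc.conf, since boot would start it unlabeled. The service names, partition numbers, `/etc/rc.d/` script paths and the `onestart` verb are assumptions.

```shell
#!/bin/sh
# Added example: dry-run planner for starting services under mac_partition labels.
# Assumptions (not from the original message): service names, partition numbers,
# /etc/rc.d/<name> script paths and the "onestart" rc.d verb.

# Constructed sample rc.conf: sshd is still enabled, so boot would start it unlabeled.
SAMPLE_RC_CONF='sshd_enable="YES"
named_enable="NO"
# sendmail_enable="YES"
'

# Constructed service-to-partition map: one "name:partition" pair per line.
SAMPLE_MAP='named:10
sshd:20
sendmail:30'

# rc_enabled RC_TEXT SERVICE -> exit 0 if the rc.conf text enables SERVICE.
rc_enabled() {
    printf '%s\n' "$1" |
        grep -Eiq "^[[:space:]]*$2_enable=[\"']?(yes|true|on|1)[\"']?[[:space:]]*(#.*)?$"
}

# plan_labeled_start RC_TEXT MAP_TEXT
# Prints one setpmac command per service that rc.conf leaves disabled, and a
# REFUSE line for any service rc.conf would start without a label or whose
# map entry is malformed. Returns 1 if anything was refused.
plan_labeled_start() {
    rc_text=$1 status=0
    while IFS=: read -r svc part; do
        [ -n "$svc" ] || continue
        case $svc in *[!a-z0-9_]*) echo "REFUSE $svc: bad service name"; status=1; continue;; esac
        case $part in ''|*[!0-9]*) echo "REFUSE $svc: bad partition '$part'"; status=1; continue;; esac
        if rc_enabled "$rc_text" "$svc"; then
            echo "REFUSE $svc: enabled in rc.conf, would start unlabeled at boot"
            status=1
        else
            echo "setpmac partition/$part /etc/rc.d/$svc onestart"
        fi
    done <<EOF
$2
EOF
    return $status
}

# Print the plan for the constructed samples; nothing is executed.
plan_labeled_start "$SAMPLE_RC_CONF" "$SAMPLE_MAP" || echo "plan has refusals; fix rc.conf first"
```

On a host with `mac_partition` loaded, `ps Zax` shows the label each started process ended up with.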
