while(true){💩};

  • 0 Posts
  • 186 Comments
Joined 2 years ago
cake
Cake day: June 11th, 2023

help-circle


  • We use one of these at work! There are a couple of companies offering these solutions such as PaloAlto, Zscaler, etc. and they are typically of the “Next-Gen Firewall” variety (I.e. they scan the content of the packets rather than just routes and ports and such).

    The way they work is basically that you establish VPN connections to their endpoints, and they scan the traffic as it passes through. Like a VPN, you get a new IP address that is shared with other customers, but there is a way to pin your original IP in the packet headers if you need.

    These connections can be handled via one of a few ways:

    1. Software on the workstation (best option as it allows deeper traffic routing and control, as long as your workstations are locked down)

    2. IPSec tunnels configured on the building’s router service’s endpoints/datacenters

    3. GRE tunnels configured on the building’s router to the service’s endpoints/datacenters

    4. A physical firewall box that sits in front of your other hardware that does any of the above OR something bespoke

    Note that unless you have option 4, none of these replace traditional “dumb” firewalls. If you’re still using IPv4, you still need a NAT firewall.













  • So the open source community has a very clearly defined definition of “open” - open does not mean that you can just read the source code. Just reading helps with some trustworthiness, but in order to be afforded all of the protections and benefits of the word “open”, they require some form of ability to fork the code, and to be able to do useful things with that fork. No fork = not open. There are a ton of good reasons for this that I won’t dig into here but you can certainly find by looking up the free software foundation or the open source initiative.

    Futo is considered “source available”