Contributed by merdely on from the are-firewalls-funny? dept.
ComixWall 4.2 was released almost a week ago. As of January 11th, updated CD images are now available via torrent download. The updated ISO files contain both bug fixes based on user reports and enhancements over the original release.
The original e-mail to the OpenBSD mailing lists follows below. Links to the torrent files for the previous tracker have been deleted.
I am pleased to announce that ComixWall ISG 4.2 has been released. ComixWall is an Internet Security Gateway (ISG): FOSS UTM [Unified Threat Management] firewall running on OpenBSD, with a user-friendly web interface for administration and monitoring. ComixWall is unique, first of its kind in many ways. Highlights of this release are:
- OpenBSD 4.2-stable, i.e. includes all of the stable patches as of December
- Support for both amd64 and i386 architectures, thus there are 2 installation CD images
- Upgrade support, from ComixWall 4.1b amd64 to 4.2 amd64
- New install/upgrade scripts, based on OpenBSD installation scripts
- xbase install set stripped down to save space on the CD image and the file system
- SnortIPS: Intrusion Prevention System (IPS) based on snort alerts, totally relies on pfctl
- Snort 2.8.0.1: Intrusion Detection System (IDS), with alerts log rotate and 64-bit time stamp patches
- ClamAV 0.92: Anti-virus scanner
- DansGuardian 2.9.9.2 with clamd: Content scanning web filter
- IMSpector, CVS build as of 20071130: Message logging IM proxy which supports MSN, IRC, Yahoo, etc.
- pfw 0.7.8: Web interface for pf, patched for bugs
- Updated software packages from OpenBSD ports collection
- Additions, enhancements, and fixes to the Web Administration Interface, too numerous to list here
- Full English, partial Turkish, and even less complete Spanish support on the web interface
- Installation and System Administration Guides, both in English and Turkish
The Web Administration Interface is developed specifically for ComixWall. In most cases, you won't have to go to the command line for basic configuration of the system, but one of its most important design goals is that you can use the web interface and the command line completely interchangeably, namely it never recreates configuration files, but modifies only the specific setting you want to change within the configuration file (e.g. your custom comments remain intact). The web interface provides statistics and logs pages for most modules. Its other features are too numerous to list here.
ComixWall ISG comes bundled with other software too, which are either included in OpenBSD and its ports collection or specifically ported to OpenBSD for ComixWall:
- SpamAssassin: Anti-spam scanner
- OpenBSD spamd: spam deferral daemon
- P3scan: POP3 anti-virus/anti-spam proxy
- smtp-gated: SMTP anti-virus/anti-spam proxy
- Dante: SOCKS proxy
- Squid: HTTP proxy
- Apache Web Server (OpenBSD httpd)
- OpenBSD ftp-proxy
- DNS server
- DHCP server
- OpenSSH
- symon: System monitoring daemon
- pmacct: Network monitoring daemon
ComixWall installation is designed so that the system is configured with basic settings and usable out-of-the-box, right after first boot.
Please visit http://comixwall.org for further details and documentation.
Only BitTorrent download is supported for CD ISO files. You can obtain the torrent files for both amd64 and i386 architectures under the ComixWall 4.2 Release Downloads section [go to "ComixWall 4.2_20080109 Downloads" for updated CD images] on the project web site. Please note that the ComixWall System Administration Guides (SAG), both English and Turkish, are available in the CD image too (on the System > Downloads page of the web administration interface); you don't have to download them separately from the project web site.
All of the software running on ComixWall is BSD, GPL, or similarly licensed. The web interface is released under the BSD license too.
Downloads on the project web site include all of the ports packages of the software not in the OpenBSD ports collection yet. Binary packages are in the installation CD images, naturally.
Anonymous CVS is available for the latest web interface source code. You can use the CVSweb on the project web site to browse the source code too. [Also available on AnonCVS now since the release date are ports, default config files, snortips, and meta files, i.e. everything you need to build CD images.]
The project has a misc@ mailing list, where you can receive announcements and get community help. (However, if possible, be sure to whitelist comixwall.org and its IP address if your MTA rejects e-mails coming from ADSL connections. Also check your Spam/Junk folder if your MTA or mail client considers such e-mail as spam.)
If you want to support the ComixWall project, please:
- Seed the torrent files
- Translate the ComixWall web interface into your native language (it's easy, and main menus and labels are enough)
- Purchase an official OpenBSD CD set, if you haven't done so yet (rhymed nicely too :))
Soner Tari, The ComixWall ISG project.
By 5501 (86.91.41.86) on
amd64... so, it runs on Soekris boards as well? To be specific, the 5501 series? Anyone running it on Soekris boards?
By Anonymous Coward (213.118.238.47) on
> amd64... so, it runs on Soekris boards as well? To be specific, the 5501 series? Anyone running it on Soekris boards?
there is an i386 version now
By Anonymous Coward (198.175.14.194) on
By Anonymous Coward (59.167.198.132) on
By Soner Tari (81.215.105.114) soner@comixwall.org on http://comixwall.org
Well, it's a firewall, and firewalls need more than one physical interface. VMWare installation is not supported. ComixWall 4.2 SAG *is* in the CD image, which contains installation instructions too, see inside the comixwall42_webif.tar.gz. But you can download InstallationGuide from the project web site as well.
By Anonymous Coward (201.20.193.141) on
Actually, no.
If correctly set up, one can use VLANs on the same physical interface and run a perfect firewall using a single NIC. But the switch must support VLAN tagging.
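One way to lay out the single-NIC VLAN firewall described in this comment on OpenBSD 4.2, as an added example that is not from the page or the ComixWall project: the physical interface name em0, the VLAN IDs 10 (WAN) and 20 (LAN), and the addresses are assumptions, and the switch port the NIC plugs into must be a tagged trunk carrying both VLANs.

```conf
# /etc/hostname.em0 -- the one physical NIC carries no address itself;
# it is only brought up as the tagged trunk (interface name assumed)
up

# /etc/hostname.vlan0 -- WAN side, 802.1Q VLAN ID 10 on em0
# (addresses are constructed documentation values)
inet 203.0.113.2 255.255.255.0 NONE vlan 10 vlandev em0

# /etc/hostname.vlan1 -- LAN side, VLAN ID 20 on em0
inet 192.168.1.1 255.255.255.0 NONE vlan 20 vlandev em0

# /etc/pf.conf -- OpenBSD 4.2-era syntax (separate nat rule, pre-4.7)
ext_if = "vlan0"
int_if = "vlan1"

set skip on lo
scrub in all

# masquerade LAN clients behind whatever address the WAN VLAN holds
nat on $ext_if from $int_if:network to any -> ($ext_if)

# default deny: untagged frames that arrive on bare em0 match no pass rule
# and are dropped, so a mis-tagged switch port cannot bridge the two sides
block in log all

# drop packets claiming a LAN source address that arrive on the wrong VLAN
antispoof quick for { lo $int_if }

pass out keep state

# LAN may reach anywhere, including the ComixWall web interface on vlan1;
# nothing is passed in on $ext_if, so administration stays LAN-only
pass in on $int_if from $int_if:network to any keep state
```

Both VLANs share the NIC's link bandwidth, so WAN and LAN traffic each traverse the same wire twice (once in, once out); for a 256Kb/s uplink that is irrelevant, but it is the trade-off the later replies discuss.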
By Anonymous Coward (82.114.74.97) on
> If correctly setup, one can use VLANs on the same physical interface and run a perfect firewall using a single NIC. But, the switch must support VLAN tagging.
Can you explain a bit more? Wouldn't that throttle and affect the NIC's throughput? Thanks
By Soner Tari (81.215.105.114) soner@comixwall.org on http://comixwall.org
My upstream bandwidth is very limited, 256Kb/s.
By Anonymous Coward (195.72.48.10) on
> Can you explain a bit more? Wouldn't that throttle and affect the NIC's throughput? Thanks
No, because you would plug the NIC into a 100Mb port on the switch, which would be shared between the VLANs.
However, purchasing a managed switch with VLAN support is going to cost a lot more than a NIC card. I can't see why anyone would want to run a firewall with 1 NIC.
By tedu (204.14.154.8) on
> However, purchasing a managed switch with vlan support is going to cost a lot more than a nic card. I can't see why anyone would want to run a firewall with 1 nic.
because your next hop will only talk to a single computer. and that computer is a laptop. and you want to allow another computer to use the internet. and it's 1:00am. but you do have a switch.
you don't need vlan support either; any dumb switch will do. it somewhat reduces the firewallness of the setup, but nat works just fine.
By sthen (85.158.44.158) on
More than a single nic, but it can be cheaper than a multi-port nic (and you get more ports that way, and you usually need a switch anyway). SMC and Allied-Telesyn have some fairly usable web-managed switches that work with Firefox which aren't that much more expensive than a reasonable unmanaged switch (and the smaller ones are fanless, good for home/small offices). They're limited in some ways, but can handle vlan/trunk/priority queues (and unlike the effort of one well-known company, weren't carefully designed to get as little useful functionality as possible spread across as many bullet points as possible - what's the point in having a serial port and [broken] SSH console access, when you still need MSIE to configure basic things like vlans?! I suppose it avoids cutting into their parent company's higher-end products...).
By Anonymous Coward (76.250.126.209) on
By Anonymous Coward (200.68.102.49) on
> Actually, no.
> If correctly set up, one can use VLANs on the same physical interface and run a perfect firewall using a single NIC. But the switch must support VLAN tagging.
Are you aware of broadcast storms?
By Anonymous Coward (200.55.220.2) on
By Mostafa Faridi (mfaridi) mostafafaridi@gmail.com on http://afghantux.blogspot.com
I hope I can configure it to work well for my use,
but I cannot find a good howto about configuring and using ComixWall.
Is it possible for you to give me a good howto?
By Graham (219.90.200.70) on
1. RTFM.
2. Apply logic.
By gg (195.64.88.75) on
> 1. RTFM.
> 2. Apply logic.
look at the downloads files: install docs, page 2
http://comixwall.org/index.php?option=com_docman&task=doc_download&gid=23
By Angel (elboricua) angel@pcsupportwiz.com on http://www.bsdwizard.com
By Soner Tari (81.215.105.114) soner@comixwall.org on http://comixwall.org
The torrent tracker (http://comixwall.org:6969) reports many seeders, and many people have downloaded successfully. Please be patient. SourceForge and code.google both rejected my requests to increase the project storage size beyond 100MB.
By Angel M. Ortiz (elboricua) on www.bsdwizard.com
I was able to download the torrent after some trial-and-error troubleshooting of the connection. I think my ISP is doing some BitTorrent voodoo, as I was unable to grab some Linux ISO via torrent either. Same problem: it would just never start, and reported no seeds. I was able to download the ISO using the DMZ at work. I have it installed and running. On to the config challenge.