10.06.06
Invictus Firewall
We’ll be shipping Mandriva Linux 2007 with an extra security feature we’re very proud of: Invictus Firewall.
Invictus is Latin for unconquered and the title of a famous poem by William Ernest Henley. Invictus Firewall is a redundant firewall. Drakinvictus is the wizard that will help you configure it, in your language when available. That’s as Mandrivian as it gets.
Samir Bellabes came to me and said “Alex, I just added some sweetness to the kernel”. Samir combined the ct_sync capabilities of Netfilter, which allow syncing the conntrack and expect tables between the two firewalls, with the virtual IP address sharing provided by ucarp from OpenBSD. All in all, if the master fails, the slave knows when and how to replace it, instantly. Dead simple, simple genius.
Sam is a networking and security wizard. Rumours say he’s on the right spot to know what you need to protect your network. Colleagues say his help is valuable when designing protocols to communicate with certain employees from the communication agency across the street. Anyway, here’s a diagram of what your network could look like with Invictus Firewall:


Our Small and Medium Business clients can now safeguard their network’s first and last protection from the wild world of the Internet — the firewall — and benefit from our technical support.
If you’ll be using any other flavour of Mandriva Linux 2007, you’ll be able to install drakinvictus with urpmi or the brand new rpmdrake2.
For 2007, we wish you to remain unconquered.
Reinout van Schouwen said,
October 14, 2006 at 12:07 am
Nice, but does it come with documentation?
I consider myself an advanced user and I thought I knew what a firewall is good for, but looking at this screenshot, I have simply no clue what any of these options do.
Reinout van Schouwen said,
October 14, 2006 at 12:14 am
By the way, the Apply and Quit button positions are reversed compared to most other drakxtools.
Boomer said,
October 25, 2006 at 3:00 pm
I still have to fiddle with it in depth but when I activated and configured it through the wizard every port seems to be still not filtered.
I feel the lack of some documentation, even if it seems a trivial task to set it up….mhhhh
Boomer
Cambo said,
January 9, 2007 at 1:25 am
The diagram gives some idea, but what about this scenario? Instead of 2 computers can you use a single dual port NIC for failover? Or 2 NICs in one computer? Can the slave failover to a further slave?
Needs documentation to explain hardware set up capabilities and each option.
pstroszka said,
January 13, 2007 at 12:52 am
Cambo said,
January 9, 2007 at 1:25 am
> …Needs documentation to explain hardware set up capabilities and each option.
Yeees, and someone (hacker) could put a horse into my PC