On Wed, Nov 11, 2009 at 09:25:45PM -0600, David Taveras wrote: > I love OpenBSD focused security in many areas, and in the ones not > included in base there are always options in packages. > > However specifically speaking about the options to complement as an > application level firewall seems it is truly underestimated the way I > see it:
<snip> > Do I have an alternative? There are plenty of L7 tools in OpenBSD base and ports/packages to help you reach your goals. It's up to you to deploy and configure them properly for your environment. Just a few off the top of my head: relayd(8) authpf(8) net/snort www/mod_security Indeed, mod_security is only currently available for apache-1.3. But I think the lack of modsecurity-2.x is only because nobody has stepped up to complete the port, not because of any technical hurdles. HTH. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/
