For sure... I want to set the maximum size of a cached file in Webadmin, so maximum_object_size is right. My headline "5. Set HTTP-Proxy Cache Size" is a little bit confusing.
2. IMAP proxy. At the moment, ASL includes POP3 and SMTP proxies, but the IMAP mail proxy is missing, leaving a spam and virus security hole for clients that use IMAP mail connections.
hmm talking about proxies, I have another request :-) yes you guys are going to hate me.
if possible I'd like to see multi level pattern backups, so say if the patterns that got updated fail this time they either load the ones from an hour+ ago or even the day before the failed pattern that way the proxy doesn't run on completely dead pattern files so the protection is semi there still...
[ QUOTE ] hmm talking about proxies, I have another request :-) yes you guys are going to hate me.
if possible I'd like to see multi level pattern backups, so say if the patterns that got updated fail this time they either load the ones from an hour+ ago or even the day before the failed pattern that way the proxy doesn't run on completely dead pattern files so the protection is semi there still...
[/ QUOTE ]
great idea!! also a button on every menu for backup. so that one becomes able only to backup the definitions if needed and so on. or a drop down menu in backup section.
hmm talking about Netflow... it reminded me of a program...
my request "forgive me if it's already in & I overlooked it" would be to be able to set up a NIC as a mirror port... I think Cisco names it a maintenance port or something.
It'd be nice that way 1 NIC can be set up to echo all traffic into that NIC so that a NTOP box can be set up on it to get an easier to read idea of where all the traffic is coming from/going to & what services are being used.
:-) that or a NTOP report right in the firewall would be nice
I've been looking at trying to set up a mirror port for some IDS stuff.
IDS daemon needs TCL, which isn't available on ASL, so I was going to try to mirror all the traffic onto another DMZ.
There are tools to do it on Linux, but the kernel must be compiled with bridging. AFAICS, ASL 5's kernel isn't.
I don't know how the transparent mode works in ASL 6, but it might be using bridging.
If so, it shouldn't be hard to get a mirror port set up.
TINC is the tool I found that can do it, assuming kernel support.
BTW, anyone tried getting TCL working on ASL?
(I'm trying to set up SGUIL)
Well I've got another feature request as per customer requests.
When in authentication mode, they'd like to see a "Captive Portal" or so they're calling it. I'm told it's a function they've seen in m0n0wall and would like to see in Astaro, that way if the student doesn't authenticate or tries to turn off their proxy they're forced to that page & can't get anywhere else until after they authenticate.