Now you can sponsor UTMFW and SSLproxy at "Buy me a coffee", thanks.dev, and

COMIXWALL
RELOADED

UTMFW: The new ComixWall

The purpose of ComixWall was to advocate the use of OpenBSD. The ComixWall ISG project was terminated in December 2009.

But I have received many requests to resurrect ComixWall since then. So, in 2016, I started working on UTMFW, which implements the ideas in my opinion paper on next generation firewalls:

Making A Case For Or Against ComixWall In The Year 2016

The final version of ComixWall is still available at the following links. This is for historical purposes only. Do not install these ComixWall versions on production systems, download UTMFW instead. Make sure the MD5 checksums are correct:

comixwall46_20091208_amd64.iso 09f1cbe02e2f4801b433ba9fab728903
comixwall46_20091208_i386.iso 1b6514d23eecd4f15c571c83c99deba9

My other FOSS projects complement UTMFW.

See the Project boards for the TODO items on important new features and capabilities in UTMFW.

UTMFW

Unified Threat Management (UTM) firewall on OpenBSD. This is the new ComixWall.

PFFW

Traditional packet filtering firewall on OpenBSD. This is the stripped down version of UTMFW.

PFRE

Packet filter rule editor for OpenBSD/pf. PFRE is integrated into UTMFW and PFFW.

SSLproxy

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection. SSLproxy is the only proxy that can do that.

UTMFW uses SSLproxy to decrypt and feed network traffic into its UTM services: Web Filter, POP3 Proxy, SMTP Proxy, and Inline IPS; and also indirectly into Virus Scanner and Spam Filter through those UTM software. Given that most of the Internet traffic is encrypted now, without SSLproxy it wouldn't be possible to deeply inspect most of the network traffic passing through UTMFW.

UTMFW wouldn't be a next generation firewall without SSLproxy.

See the Project boards for the TODO items on important new features and capabilities in SSLproxy.