Zorp – Open source proxy firewall with deep protocol analysis (balasys.github.io)
98 points by dedalus on Jan 21, 2019 | 16 comments



Anyone running something like this in a home scenario?

I kinda thought about it, but the 50-100 bucks expenditure just for curiosity seems a bit heavy.


Zorp GPL is free/open source, so unless you're looking for some of the closed source features in Zorp Professional you should be able to tinker pretty heavily.


Why would you need it on a home network? Best case scenario you just add latency to all your requests.


First sentence mentions deep packet analysis for protocols like HTTP. But that's not really relevant anymore, is it? Most modern websites will automatically redirect HTTP to HTTPS and then you can't apply deep packet analysis anymore. I can see some other fairly nice features here but not really enough to make me switch.


I guess it's terminating the HTTPS traffic and then proxying on to the respective server.



3.2. Configuring TLS and SSL encrypted connections

https://www.balasys.hu/content/documents/zorp-gpl-guide-refe...


So why not sample via netfilter and eBPF to filter?


How is this different from Squid proxy?


Squid is mainly a web caching proxy. Zorp is a next generation firewall.

The architecture is modular, and you can write plug-ins that analyse the structure of communications beyond packet headers: the content is inspected. The open source version includes out of the box support for inspecting HTTP, FTP, SMTP, POP3, Finger, Whois, Telnet (+TLS). But you can write plugins that couple the engine with anything, from an IDS such as Snort, Bro or Suricata, to something like nDPI or AssemblyLine.

https://www.ntop.org/products/deep-packet-inspection/ndpi/

https://bitbucket.org/cse-assemblyline/assemblyline

Based on the results of the analysis, you can choose to apply firewall rules.


Squid also has redirectors and c-icap filters, etc. Firewall-wise it uses the OS (e.g. iptables), so it's more than a proxy, but it does not do packet-level firewalling as it depends on iptables.

Looks like Zorp is an all-in-one solution; hope I have time to play with it soon.


In short: It's censorship software.


If I agree with you: Yep it sure is, and that's perfectly ethical for personal and corporate use. To businesses, they have a responsibility to filter what goes in and out of their network, in the interest of their customers and themselves.

If I don't agree with you: Do you think IP/port based firewalls are censorship? That any kind of cyber-border security is an affront to rights? If not, then how do you govern access as a private organization when everything is tcp/443 on AWS? Gotta know what it's going to.


Just like a kitchen knife, purpose and intent set the tone.

I am considering it as a tool to provide another layer of protection for my small business network. That would make your summary a positive for me.


It has that potential, and I'm sure that's part of the business case for it (along with the more likely concern about exfiltration of data from secure networks).

Or it could be privacy software that lets you look at data you're sending to the cloud, modify it, or prevent it altogether.

It just depends who is in control of the software.


Censoring the viruses and malware and credit card thieves from making their voices heard.



