Invictus Firewall

Posted in Mandriva, English, Products, Mandriva Linux 2007, Security, Release at 7:18 pm by Alexandre Solleiro

Invictus Firewall

We’ll be shipping Mandriva Linux 2007 with an extra security feature we’re very proud of: Invictus Firewall.

Invictus is latin for unconquered and the title of a famous poem by William Ernest Henley. Invictus Firewall is a redundant firewall. Drakinvictus is the wizard that will help you to configure it, in your language when available. That’s as Mandrivian as it gets.

Samir Bellabes came to me and said “Alex, I just added some sweetness to the kernel”. Samir took the ct_sync capabilities of Netfilter, that allow syncing conntrack and expect tables between the two firewalls, and the virtual IP address sharing allowed by ucarp from OpenBSD. All in all, if the master fails, the slave knows when and how to replace it, instantly. Dead simple, simple genius.

Sam is a networking and security wizard. Rumours say he’s on the right spot to know what you need to protect your network. Colleagues say his help is valuable when designing protocols to communicate with certain employees from the communication agency across the street. Anyway, here’s a diagram of what your network could look like with Invictus Firewall (click on the image to enlarge it):

Invictus Firewall diagram

So there’s the kernel trick by Sam, and there’s also Blino’s user interface. A Mandriva wizard as you love them.


Invictus Firewall is of course licensed under the General Public License. We’re making it available in Mandriva Linux Powerpack+ 2007: once you’re running the system simply launch drakinvictus to configure it.
Our Small and Medium Business clients can now safeguard their network’s first and last protection from the wild world of the Internet — the firewall — and benefit from our technical support.

If you’ll be using any other flavour of Mandriva Linux 2007, you’ll be able to install drakinvictus with urpmi or the brand new rpmdrake2.

For 2007, we wish you to remain unconquered.