Speaking as a disgruntled user :-),
Shortly after fwtk version 1.3 was released, I made some changes
to make the code more portable (more compliant with POSIX.1), to get it
running under Solaris. In the process I fixed several bugs detected
simply by using an ANSI C compiler, and mailed the new distribution to
you (Fred) and mjr just after Thanksgiving 1994.
Marcus' response was basically "thanks, but we're too busy to look at it",
and it never appeared as part of the official distribution, or under a
contrib directory. I have privately emailed copies to several people
who asked about Solaris and to a couple who asked about AIX and HP/UX
versions, in an attempt to get the code as portable (and #ifdef -free!)
as possible. But your license agreement prohibits anyone else from
distributing modified code, so that version couldn't be put up for ftp
anywhere besides your site.
So, I sympathize with the sentiment that TIS should either put some
effort into maintaining fwtk, or release it so that a net-fwtk could
be maintained by the user community. I'm happy to hear that you will
be releasing a new version, and that you are willing to discuss things.
But I'm skeptical that TIS will ever allow fwtk to compete with Gauntlet.
I suspect that new features (SSL support, html-based administration,
VPNs, RADIUS support, or whatever) will always be suppressed for long
enough to give Gauntlet a market edge, even if the necessary code is
contributed by the users.
If SOS Freestone turns out to be more "open" than fwtk (even if it starts
out only equally capable), I suspect it will attract quite a following.
> Date: Thu, 25 Jan 1996 21:57:00 -0500
> To: Bill Stout <bstout @
com>, Firewalls @
> From: Frederick M Avolio <avolio @
> Subject: Re: SSL and S-HTTP Proxy Status (as of 11 January 1996)
> Cc: fwtk-users @
> Since no one from TIS was there it is strange to hear something about us
> abandoning the FWTK. Anyway, I was planning on talking about this with
> anyone who showed up at Uniforum.
> I understand how people could have that impression. We've been busy. At the
> last count the FWTK has been retrieved by over 15,000 distinct sites.
> We have not abandoned it, and will have another release soon. We're just
> getting Gauntlet Firewall Vers 3.1 out the door. (See www.tis.com) We
> intend to release a version of the FWTK and will discuss it soon on the
> appropriate mailing list.
> More info next month. If there is interest in discussing this further,
> perhaps the disgruntled folks would like to lead a discussion on the
> fwtk-users mailing list. I'm happy to discuss it there.
>At 02:49 PM 1/25/96 PST, Bill Stout wrote:
>> From what I heard, SOS will soon release a version of Freestone which has
>> SSL proxy capability, plus telnet-gw and ftp-gw which actually works.
>> The USENIX firewall group meetings I attended yesterday grumbled that TIS
>> abandoned fwtk, and is no longer maintaining fwtk proxies for new
>> applications and protocols. Rumor has it SOS Freestone will have a fwtk
>> migration tool for disgruntled fwtk users.