Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Firewall Wizards: Re: Re: FWTK Lic Questions

Re: Re: FWTK Lic Questions

From: <kadokev_at_msg.net>
Date: Tue, 3 Oct 2000 16:26:47 -0500 (CDT)

> > It has always been the policy of TIS, Network Associates and PGP Security
> > that FWTK can be used in a commercial enviorment without having to pay
> > royalties or license fees of any form to Network Associates or PGP Security,
> > if used and implemented in the manor described above. If one wishes to
> > upgrade to a full blown version of the Gauntlet VPN Firewall, that is thier
> > choice, but not mandatory if one wishes to use FWTK in thier company.

That's a start, but it doesn't go into much detail. One one hand I'd feel more
secure if the status of FWTK were clarified, but I have a feeling that if
NAI was to clarify the license terms, it would be toward the more restrictive
interpretation. After all, their business is selling Gauntlet licenses.

> Both have always been very clear. What is *not* clear is all the
> in-between area, particularly whether it is legal to sell *consulting*
> about FWTK. Example: company X has 'signed' the license and DLed the
> FWTK; now they ask me for help configuring their inetd.conf and rc
> scripts and netperm table; may I ask a fee? And what if they ask me to
> get and apply the nospam patches? And what if they ask me to modify
> plug-gw to support encryption? And if I write patches for FWTK, what
> will be their status? Do I have to 'open source' them, under what terms,
> may I sell them, etc...

As long as you do not re-distribute patches, you never _have_ to 'open source'
your changes even under the GPL.

It does appear that you cannot sell patches for FWTK, however 'www.fwtk.org'
would appreciate it if you were to make your source available.

 
> Some months ago, I went to the SANE2000 conference in Maastricht
> (Netherlands). There was a one-day tutorial on Linux firewalls, and FWTK
> was mentionned. It got high marks for functionality and robustness, but
> then the speaker went on to say he did *not* recommend it because the
> license was overly restrictive. Whan asked to elaborate, it seemed *his*
> reading was that for-fee consulting about FWTK was not allowed.
 
This is the real question. I do not advertise for-fee consulting about FWTK,
but I do use parts of the package in my own and my consulting customer's
networks, as a small part of larger projects.

I treat FWTK like I treat GPL software- I don't charge for the software itself,
only for time, and when I develop custom enhancements on billable hours I ask
the client for permission to release my changes back to the community. Sometimes
they say yes, sometimes no.

Kevin Kadow
MSG.Net, Inc.

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards_at_nfr.net
http://www.nfr.net/mailman/listinfo/firewall-wizards
Received on Oct 04 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos