Re: Content Filtering Firewall in Linux..
From: Andrew Rucker Jones (arjones_at_simultan.dyndns.org)
Date: Thu, 18 Aug 2005 19:43:46 +0200
To: email@example.com
-----BEGIN PGP SIGNED MESSAGE-----
Using iptables/Netfilter for this is the wrong idea for sure. It breaks
the TCP connection, leaving both ends hanging. It is also very
susceptible to false positives. You want a real content filter. I use
DansGuardian (http://www.dansguardian.org/) with DansGuardian Antivirus
(http://sourceforge.net/projects/dgav/) and ClamAV
(http://www.clamav.net/) and am happy. The setup is not the easiest, but
the product works well. Please note that DansGuardian is free for
non-commercial use, but requires an inexpensive license for businesses.
Read the licence if in doubt.
Soi, Dhruv wrote:
> Is anyone aware of such a firewall in Linux? I have used ipcop, iptables, shorewall and have read that applying a netfilter patch to the kernel for HEX search can provide such capability. Would any of you like to put your thoughts over it?
GPG key / Schlüssel -- http://simultan.dyndns.org/~arjones/gpgkey.txt
Encrypt everything. / Alles verschlüsseln.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----