Re: Content Filtering Firewall in Linux..

From: Tucker (gtucker_at_google.com)
Date: 08/18/05

  • Next message: Daniel Cross: "Re: OPIE"
    Date: Thu, 18 Aug 2005 12:49:16 -0700
    To: Andrew Rucker Jones <arjones@simultan.dyndns.org>
    
    

    Anyone have any experience with Endian?
    http://www.efw.it/wiki/index.php/Main_Page

    Looks like a pretty good All-In-One thing. I'm trying to help an old
    teacher of mine setup a small school. My goal is to have to go and
    fiddle with it as little as possible. (read as: find something easy
    enough for him to support).

    On 8/18/05, Andrew Rucker Jones <arjones@simultan.dyndns.org> wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: RIPEMD160
    >
    > Dhruv,
    > Using iptables/Netfilter for this is the wrong idea for sure. It breaks
    > the TCP connection, leaving both ends hanging. It is also very
    > susceptible to false positives. You want a real content filter. I use
    > DansGuardian (http://www.dansguardian.org/) with DansGuardian Antivirus
    > (http://sourceforge.net/projects/dgav/) and ClamAV
    > (http://www.clamav.net/) and am happy. The setup is not the easiest, but
    > the product works well. Please note that DansGuardian is free for
    > non-commercial use, but requires an inexpensive license for businesses.
    > Read the licence if in doubt.
    >
    > -&
    >
    > Soi, Dhruv wrote:
    > > Is anyone aware of such firewall in linux. I have used ipcop, iptables, shorewall and have read that applying netfilter patch to kernel for HEX search can provide such capability. Would anyone of you like to put your thoughts over it?
    > >
    > > Thanks
    > > Dhruv
    >
    > - --
    > GPG key / Schlüssel -- http://simultan.dyndns.org/~arjones/gpgkey.txt
    > Encrypt everything. / Alles verschlüsseln.
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: GnuPG v1.4.1 (GNU/Linux)
    > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
    >
    > iD8DBQFDBMjOoI7tqy5bNGMRA2KBAJ9uml8iWu6OKndladaELMkHHHeUVwCaA9ii
    > Ofg+kysO7AxgKI6X1LKlJKM=
    > =hhPv
    > -----END PGP SIGNATURE-----
    >

    -- 
    --tucker
    "Helpdesk Guide"
    I follow no one.
    

  • Next message: Daniel Cross: "Re: OPIE"