That's a great combination, but only if you're only interested in
Proxyable traffic like HTTP.
Matthew Carpenter
IT Security Specialist
Alticor Corporation
Phone: 616-787-0287
Email: matt.carpenter@alticor.com
Page Me (230 characters Max)
Email ITSS On-Call Account
-----BEGIN PGP PUBLIC KEY FINGERPRINT-----
PGP Fingerprint: 52C3 328D C29C 178B 2DFD 9EA8 C710 0042 8CB4 3CDB
-----END PGP PUBLIC KEY FINGERPRINT-----
Andrew Rucker Jones <arjones@simultan.dyndns.org> wrote on 08/18/2005
01:43:46 PM:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Dhruv,
Using iptables/Netfilter for this is the wrong idea for sure. It
breaks
the TCP connection, leaving both ends hanging. It is also very
susceptible to false positives. You want a real content filter. I use
DansGuardian (http://www.dansguardian.org/) with DansGuardian Antivirus
(http://sourceforge.net/projects/dgav/) and ClamAV
(http://www.clamav.net/) and am happy. The setup is not the easiest, but
the product works well. Please note that DansGuardian is free for
non-commercial use, but requires an inexpensive license for businesses.
Read the licence if in doubt.
-&
Soi, Dhruv wrote:
Is anyone aware of such firewall in linux. I have used ipcop,
iptables, shorewall and have read that applying netfilter patch to
kernel for HEX search can provide such capability. Would anyone of
you like to put your thoughts over it?
Thanks
Dhruv
- --
GPG key / Schlüssel -- http://simultan.dyndns.org/~arjones/gpgkey.txt
Encrypt everything. / Alles verschlüsseln.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFDBMjOoI7tqy5bNGMRA2KBAJ9uml8iWu6OKndladaELMkHHHeUVwCaA9ii
Ofg+kysO7AxgKI6X1LKlJKM=
=hhPv
-----END PGP SIGNATURE-----
