<quote who="Charles Heselton">
Like I said, they all provide the same outcome. They all are
glorified wrappers for iptables, so they all have the same ultimate
effect. I believe shorewall is a little more "low-level", and may
provide more of the granularity that you are probably looking for. I
haven't used shorewall, so I can't say for sure. If that one doesn't
work out, I would recommend finding/writing a script (at least) to
manage your iptables configuration. It makes for easy management and
configurability, and you also are less likely to "fat-finger"
something. ;-)
I guess I'm really afraid of missing something important when creating my
own firewall, like some spammer domains and/or IP addresses I don't know
about that I should block...
7. If you have another mail host for external mail
(administrative messages and such), configure sendmail to only
send mail internally (local system). You can configure spam
assassin if you want, but unless you're actually transferring
bulk mail, you don't really need it, nor the other 3 spam filters
you listed.
The hosts will receive email for the domain so spam filters
are required.
So, every host will be an MTA?
No but every Linux machine will. The client machines run Windows XP.
There are 3 offices at 3 different sites with 3 different domain names...
Well, once you get the general gist down, you can break it up and
simplify it into a checklist. Someone else mentioned that security
is an attitude. This is true. It's a way of thinking about how you
manage your systems. Identify your critical assets, i.e. what data
are you trying to protect? Then, build your protection scheme from
the inside out.
I'm trying to achieve 2 things. Protect these servers from hostiles on
the Internet and protect the users from themselves (spam and content
filtering). :(
