What's up, prox
Evan Leibovitch
evan-ieNeDk6JonTYtjvyW6yDsg at public.gmane.org
Fri May 25 02:42:27 UTC 2007
Hi folks,
Management at a client is noticing a few employees doing a few things with
their time that they ought not to be doing.
This led to a suggestion of a system that will
- force web browsing through a Squid/dansguardian setup
- either block MSN or force it through 'msngrep', based on internal IP address
- probably toss in some intrusion detection for good measure
While the client already has a Symantec firewall appliance in place, I
thought that a Linux-based firewall system would be the best way to
implement this in a manner that could not be circumvented by users.
Just do the rules to force selected traffic through the appropriate
proxies.
This leads to a few choices:
1) Ubuntu or Smoothwall?
Is it better to get and hack a distribution designed solely to be a
firewall, or to set up a general purpose distro to be one? The reviews of
Smoothwall look interesting, however it seems that the free version misses
some of the features I want ("SmoothGuardian" is part of the commercial
non-free enhanced product). I look at
http://www.smoothwall.net/products/comparison.gpl.php and fear that the
GPL version is just a bit too crippled -- and that making changes that
deviate from the core not only makes support difficult, but also requires
command-line tuning that's the opposite of the system's whole GUI-friendly
approach. Dan's Guardian is just another package in the Ubuntu repository
universe.
2) If Ubuntu: shorewall, firestarter or something else?
If I choose to use a general purpose distro for my platform, there are a
number of possible front ends to iptables. Does anyone here have
experience with (or better, a logic-based preference) the shorewall,
firestarter or other iptables frontends?
3) Is there a better approach to doing this?
Thanks for any suggestions.
- Evan
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
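
The "rules to force selected traffic through the appropriate proxies" that the message describes could look like the sketch below. It is an added example, not part of the original post, and covers only the "block MSN" option, not msngrep. The interface name, the proxy ports, the allowed-port list and the sample addresses are assumptions.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a Linux gateway placed between the LAN
# and the existing firewall. Assumed, not from the post: LAN interface eth1,
# DansGuardian on 8080 chained to Squid on 3128, both on this gateway.
LAN_IF=eth1
FILTER_PORT=8080        # DansGuardian default listening port
SQUID_PORT=3128         # Squid default listening port
MSN_PORT=1863           # MSN Messenger TCP port
ALLOW_TCP="443 1863"    # forwarded TCP ports still permitted (assumption)

# gen_rules IP...: each argument is an internal address that is denied MSN.
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Intercept all LAN web traffic, whatever the browser is configured to do.
-A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $FILTER_PORT
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Clients must not talk to Squid directly, or they skip the content filter.
-A INPUT -i $LAN_IF -p tcp --dport $SQUID_PORT -j REJECT --reject-with tcp-reset
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # Per-address MSN denials go ahead of the general allow rules below.
    for ip in "$@"; do
        echo "-A FORWARD -i $LAN_IF -s $ip -p tcp --dport $MSN_PORT -j LOG --log-prefix \"MSN-DENY \""
        echo "-A FORWARD -i $LAN_IF -s $ip -p tcp --dport $MSN_PORT -j REJECT --reject-with tcp-reset"
    done
    for port in $ALLOW_TCP; do
        echo "-A FORWARD -i $LAN_IF -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "-A FORWARD -i $LAN_IF -p udp --dport 53 -j ACCEPT"
    echo "COMMIT"
}

# Constructed sample addresses are used when none are given on the command line.
[ "$#" -gt 0 ] || set -- 192.168.1.50 192.168.1.51
gen_rules "$@"
```

The output can be checked with `iptables-restore --test` before loading. Port 443 is forwarded without content filtering in this sketch, and any forwarded port not listed is dropped by the FORWARD policy.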