Gentoo Archives: gentoo-user

From: James <wireless@×××××××××××.com>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Re: internet/lan access control
Date: Thu, 27 Oct 2005 14:17:34
Message-Id: loom.20051027T154624-342@post.gmane.org
In Reply to: Re: [gentoo-user] Re: internet/lan access control by John Jolet
John Jolet <john <at> jolet.net> writes:

> > http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=12#doc_chap1
> > The section on Squid would apply particularly to you.

> > In this case, my policy states:
> > * Surfing (HTTP/HTTPS) is allowed during work hours (mon-fri 8-17 and
> > sat 8-13), but if employees are here late they should work, not surf
> > * Downloading files is not allowed (.exe, .com, .arj, .zip, .asf, .avi,
> > .mpg, .mpeg, etc)
> > * We do not like banners, so they are filtered and replaced with a
> > transparent gif (this is where you get creative!).
> > * All other connections to and from the Internet are denied.

> would it be possible to see an example of the squid config that does this?

As stated above:
www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=12#doc_chap1


I'm still testing my raw setup of iptables. When I'm done and somewhat satisfied
with my iptables setup, then I'll be drilling into the Application Level Gateway
implementation, squid being one possibility. I intend to document what I end
up with, as most of what's on the net is old/dated and does not use the latest
features of iptables, or they are trite examples such as a dual ethernet based
firewall....

Hopefully, google & searches will return many examples of ALG setups,
but they may not be specific enough to Gentoo.........
If sufficient examples do not exist, we should share information on this
list, and create a detailed, Gentoo-specific web page for
iptables howto + ALG howto, as they need to work together
with tight synchronization.

Yet others may suggest shorewall + squid, but I do not have any
interest in shorewall. IPfilter/netfilter is portable (somewhat)
to embedded linux systems and other embedded derivatives,
and that is my ultimate focus.



hth,
James

--
gentoo-user@g.o mailing list