
Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


 
Old 01-03-2008, 10:24 AM
"Indunil Jayasooriya"
 
Default iptables

Hi All,

I am running iptables on centos 4.5 and 5 boxes.

Now , I have requirements to enable below features.

Gateway level antivirus, anti spyware and intrusion preventions,
content filtering, etc.

I googled a bit. But, Still no luck to find proper Docs to enable these.

Can Iptables meet these features? If possible, Pls let me know some
documentations that say How to set up these.

Hope to hear from you.



--
Thank you
Indunil Jayasooriya
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 01-03-2008, 10:40 AM
Karanbir Singh
 
Default iptables

Indunil Jayasooriya wrote:
> Hi All,
>
> I am running iptables on centos 4.5 and 5 boxes.
>
> Now , I have requirements to enable below features.
>
> Gateway level antivirus, anti spyware and intrusion preventions,
> content filtering, etc.
>
> I googled a bit. But, Still no luck to find proper Docs to enable these.

what did you google for and what were the results ? most of what you
need to get done is better addressed on other projects lists. I suggest
you start at freshmeat.net and follow it up with the relevant project.

> Can Iptables meet these features? If possible, Pls let me know some
> documentations that say How to set up these.

neither iptables nor anything shipped in centos is going to do all that
for you.

btw, you seem to repeatedly ask very novice questions on this list,
mostly having done absolutely no research or efforts on your part. I
would recommend you change that. Also, you seem to almost never ever get
involved with or make any efforts to help people in any conversations -
that's not a very nice way to behave on mailing lists. Having been on the
list for over a year, I am sure you are competent enough to contribute
in more constructive manner.

--
Karanbir Singh : http://www.karan.org/ : 2522219@icq
 
Old 01-03-2008, 11:52 AM
Johnny Hughes
 
Default iptables

Indunil Jayasooriya wrote:
> Hi All,
>
> I am running iptables on centos 4.5 and 5 boxes.
>
> Now , I have requirements to enable below features.
>
> Gateway level antivirus, anti spyware and intrusion preventions,
> content filtering, etc.

There are a hundred different ways to filter different things, depending
on exactly what you are trying to accomplish.

One way (that has nothing to do with CentOS) to do part of that is to
use IPCOP as your border router. (It has snort IDS, and squid filtering
built in).

Spam, antivirus, and spyware normally come in via e-mail, and
spamassassin and clamav used in conjunction with your mail server (if you
run it) or in conjunction with your e-mail client on linux can fix that.

CentOS itself does contain spamassassin, but clamav needs to be obtained
from dag.

Setting all this up is the basis for many howtos on the web ... and you
need to plan out your real goals, like:

what to stop, how that gets in now, how many users / how much traffic
(and based on that ... where to filter it and how many machines it will
take), how to integrate it with your current infrastructure, etc.

There are things like this prebuilt too:

http://www.barracudanetworks.com/

<snip>

 
Old 01-04-2008, 05:37 AM
"Indunil Jayasooriya"
 
Default iptables

> btw, you seem to repeatedly ask very novice questions on this list,
> mostly having done absolutely no research or efforts on your part.
> I would recommend you change that.

Yes, I agree with you. In most cases, I will have to get involved with our customers. Due to that, I have lack of time to research.

I agree to change it.

> Also, you seem to almost never ever get involved with or make any efforts to help people in any conversations -
> that's not a very nice way to behave on mailing lists.
I would also like to volunteer. I know how much time you spend for others' benefit. I really appreciate you guys' effort.

Anyway, I'll try to help people in conversations.

> Having been on the list for over a year,
Yes, more than a year.

> I am sure you are competent enough to contribute
> in more constructive manner.

Yes, I will.


--
Thank you
Indunil Jayasooriya


 
Old 01-04-2008, 08:37 AM
"Christopher Thorjussen"
 
Default iptables

> Indunil Jayasooriya wrote:
> > Hi All,
> >
> > I am running iptables on centos 4.5 and 5 boxes.
> >
> > Now , I have requirements to enable below features.
> >
> > Gateway level antivirus, anti spyware and intrusion preventions,
> > content filtering, etc.
>
> There are a hundred different ways to filter different things, depending
> on exactly what you are trying to accomplish.
>
> One way (that has nothing to do with CentOS) to do part of that is to
> use IPCOP as your border router. (It has snort IDS, and squid filtering
> built in).
>
> Spam, antivirus, and spyware normally come in via e-mail, and
> spamassassin and clamav used in conjunction with your mail server (if you
> run it) or in conjunction with your e-mail client on linux can fix that.

You may also install copfilter onto IPCOP to get pop/smtp/ftp/http
scanning (virus etc)

http://www.copfilter.org/


/Christopher
 
Old 01-04-2008, 02:39 PM
Scott Silva
 
Default iptables

on 1/4/2008 1:37 AM Christopher Thorjussen spake the following:
> > Indunil Jayasooriya wrote:
> > > Hi All,
> > >
> > > I am running iptables on centos 4.5 and 5 boxes.
> > >
> > > Now , I have requirements to enable below features.
> > >
> > > Gateway level antivirus, anti spyware and intrusion preventions,
> > > content filtering, etc.
> >
> > There are a hundred different ways to filter different things, depending
> > on exactly what you are trying to accomplish.
> >
> > One way (that has nothing to do with CentOS) to do part of that is to
> > use IPCOP as your border router. (It has snort IDS, and squid filtering
> > built in).
> >
> > Spam, antivirus, and spyware normally come in via e-mail, and
> > spamassassin and clamav used in conjunction with your mail server (if you
> > run it) or in conjunction with your e-mail client on linux can fix that.
>
> You may also install copfilter onto IPCOP to get pop/smtp/ftp/http
> scanning (virus etc)
>
> http://www.copfilter.org/


But copfilter updates are very slow. It would be nice if it could at least
keep up with clam updates.


--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

 
Old 02-17-2008, 09:29 AM
rambod kamaei
 
Default iptables

Dear list

we need Graphic application for work with iptables.
we will can pay money for it.

Best Regards,
Rambod Kamaei (PhD) CCIE, CCNP, Linux Expert. Tel: +98 21 22643500 to 9 Cell: +98 912 2185672

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 02-17-2008, 12:19 PM
"Colin Brace"
 
Default iptables

2008/2/17 rambod kamaei <rambodkamaei@yahoo.com>:

> we need Graphic application for work with iptables.
> we will can pay money for it.

What about firestarter? It is in the repos. It's free!

--
Colin Brace
Amsterdam
http://lim.nl

 
Old 02-17-2008, 01:52 PM
Alan Cox
 
Default iptables

On Sun, 17 Feb 2008 02:29:00 -0800 (PST)
rambod kamaei <rambodkamaei@yahoo.com> wrote:

> Dear list
>
> we need Graphic application for work with iptables.
> we will can pay money for it.

yum install firestarter?

 
Old 02-18-2008, 12:03 AM
Bill Davidsen
 
Default iptables

Strong wrote:
> On Fri, 09 Nov 2007 08:17:44 +0900 John Summerfield
> <debian@herakles.homelinux.org> wrote:
> > He posted his rules to the list. His policy is accept, but he had a
> > global reject that would cause the message he saw.
>
> Where in the global reject was?
>
> > Does this help?
> > # service iptables stop
>
> No. How it can help, if no route is specified?
>
> But I have changed to this:
> iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
> iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
> iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE
>
> and now it works. Weird that adding the last line (without 'iptables '
> at the line beginning, of course) to the iptables file did error message
> at iptables restart. But loaded from command line is fine. How I can
> save the rules to survive reboot? Is there a tool provided for the
> iptables configuration, not system-config-security?

I personally would not take the REJECT out of the table, change the
policy to ACCEPT, or any such thing which might leave the smallest hole
for evil doers. By putting in the ACCEPT rules you can let your guest
have access. I would also not let in everything from the whole private
network, I would restrict the range and apply an interface restriction
to limit your exposure.


--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
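
The two restrictions suggested in the post above (a narrower range and an interface match), as an added example that is not part of the original thread: a small audit over the rules quoted there, next to a constructed tightened variant. The function names, the LAN interface `eth1`, the guest range `192.168.0.32/28` and the `/25` threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Flags FORWARD ACCEPT rules that lack
# an interface match or that cover a wide address range.
# Input: iptables command lines on stdin, CIDR prefix notation assumed.
# $1 = minimum acceptable prefix length (assumed default 25, so a /24 or
# anything wider is reported).
audit_forward() {
    awk -v min="${1:-25}" '
    /-A FORWARD/ && /-j ACCEPT/ {
        iface = 0; net = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i" || $i == "-o") iface = 1
            if ($i == "-s" || $i == "-d") net = $(i + 1)
        }
        if (!iface) printf "rule %d: no interface match (-i/-o)\n", NR
        if (net == "") {
            printf "rule %d: no address restriction (-s/-d)\n", NR
        } else {
            n = split(net, p, "/")
            bits = (n == 2) ? p[2] + 0 : 32   # bare address = single host
            if (bits < min)
                printf "rule %d: %s is wider than /%d\n", NR, net, min
        }
    }'
}

# The rules as posted in the thread.
posted_rules() {
    cat <<'EOF'
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE
EOF
}

# Constructed tightened variant. eth1 (LAN side) and the guest range
# 192.168.0.32/28 are assumptions; ppp0 is the uplink named in the post.
tightened_rules() {
    cat <<'EOF'
iptables -A FORWARD -i eth1 -o ppp0 -s 192.168.0.32/28 -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth1 -d 192.168.0.32/28 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.32/28 -j MASQUERADE
EOF
}

echo "posted:";    posted_rules    | audit_forward
echo "tightened:"; tightened_rules | audit_forward
```
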

 
