Re: firewall, spam and virus control in one box

From: Roger Grosswiler (roger_at_gwch.net)
Date: 06/09/05

  • Next message: Tarjei Knapstad: "Re: CUPS/OO.org weirdness - help needed!" 
    Date: Thu, 9 Jun 2005 12:40:03 +0200 (CEST)
To: "For users of Fedora Core releases" <fedora-list@redhat.com>

    > On Thu, 2005-06-09 at 08:54 +0200, Bjørn-Sverre Nøttum wrote:
    >> Is it possible to put all these applications in a fedora box, and make
    >> this
    >> a sort of a "securebox" that is filtering all in- and outgoing traffic?
    >
    > I'd recommend doing SPAM and virus filtering on the mail gateway and
    > http proxy, and running the firewall on a separate machine.
    >
    >> I have looked at spamassasin and clamav, but I am not sure if these are
    >> the
    >> best choises. And I have not found anything on how to make them work
    >> together.
    >
    > My favourite glueware between MTA and content checkers is amavisd-new.
    > It's very flexible and powerful.
    >
    > I'm using postfix/amavis/spamassassin/(various AV's) in a number of
    > sites with great success.
    >
    >> When it comes to fierwalling - is it possible to use the one that
    >> is pre-built into the fedora release?
    >
    > Absolutely, the Linux kernel firewall is as good a stateful packet
    > filter as any. I don't think Fedora is the best choice for an Internet
    > firewall, though, simply because of its short life cycle. The last thing
    > you want is stale software at your perimeter. Have a look at the free
    > RHEL variants, or even OpenBSD, which has a way cool kernel firewall
    > (pf).
    >
    > Cheers
    > Steffen.
    >
    I agree with those recommendations. Plus think about installing squid on
    your firewall, so your http trafic gets proxied. with this possibilty and
    some (i think there are just commerial ones) tools, you can also filter
    your webtraffic for viruses. i am not sure, if squidguard or dansguard
    bring those possiblities..
    Roger 

    -- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
  • Next message: Tarjei Knapstad: "Re: CUPS/OO.org weirdness - help needed!"

    Relevant Pages

    • Re: D-Link 604 Router
      ... > I can filter outbound connections using URL filtering using something ... > firewall software or hardware and no router, ...
      (comp.security.firewalls)
    • Re: Hardware Firewall Recommendation
      ... Deny Java Applets ... Web Blocker Schedule - enable/disable at programmed times ... Web Blocker non-Operational Controls (what to filter when OFF) ... block .EXE you never have to go back and update the firewall to keep ...
      (comp.security.firewalls)
    • Re: BLOCKING IPs
      ... In the NAT/Basic firewall tab, ... In the right pane of the windows, right click Network connections. ... click Inbound filter. ... > If you are using SBS 2003 Premium, you can use ISA server to block this ...
      (microsoft.public.windows.server.sbs)
    • Re: FIREWALL CHECK
      ... at all (windows firewall). ... The job of a real FW, which I don't consider some 3rd party personal FW/packet filter or even Vista's FW/packet filter to be a FW is not to stop malware. ... A packet filtering FW router, FW appliance or host based software FW running on a secured gateway computer jobs are not to be stopping a malware program running on some computer. ... In either case, it must have at least two network interfaces, one for the network it is intended to protect, and one for the network it is exposed to. ...
      (microsoft.public.windows.vista.security)
    • Re: Samba wont dance [Solved - sort of]
      ... One moment, all machines were seeing each other, I was able to print from my Windows computers to the printer that was attached to my Fedora box - I could browse shares in both directions, etc. -- then, suddenly, the connection would be lost. ... I discovered that turning off my firewall on the Fedora box would fix that; I pored through my rules over and over, but, nothing made sense -- and the strange thing was, after getting things going by turning off the firewall (there's always that Samba delay before everything settles in), I could then turn the firewall back on, and things would work for long periods of time, till again, the connection was broken. ...
      (Fedora)