Re: [Security Firewall] some test comments from a working test system.

[Bret]

Florin, The thing about supporting ftwall - is to make sure the kernel has the "string match" module, and iptables support the netfilters QUEUE target. Last I knew 2.6 did not support this. Which is why I am still using a custom compiled kernel and cooker from 9.1 to do this type of filtering. But it does work very well to filter all p2p and bittorrent that I have found. Feel free to correct me if I'm wrong here... Are you saying you already have this working? Good luck! Florin wrote: Randy Welch <[EMAIL PROTECTED]> writes: Some quick comments.... 1. And this one is kind of a long standing one, partiallly due to how the install is done. It doesn't keep the time settings as entered on the base OS install. 2. It only keeps one dns entry from the base OS intstall. 3. DansGuardian won't start... Jun 4 01:25:43 adsl-209-204-139-204 dansguardian: Error reading custom image file. Jun 4 01:25:43 adsl-209-204-139-204 dansguardian: filtergroups too small Jun 4 01:25:43 adsl-209-204-139-204 dansguardian: Error parsing the dansguardian.conf file or other DansGuardian configuration files (4. something in openswan/pptpd-server or ftwall seriously seem to mess things up. I don't have them installed at the moment but I'll let you know. This is my third install of the night.) This is on a cooker based install with the latest rpms from florins site. I have some more thoughts but it's time for bed... -randy Hi Randy, and thanks for the tests, You don't have to reinstall the whole system, you can play with the rpm packages for the moment ... rpm -Uvh *naat* --force will do to upgrade the packages ... I'll have a look at what you said and come back to you ... I have also added: - netmap (routes still need to be configured by hand but hopefuly will add zebra support this weekend or static route support) - ftwall (kazaa filtering) - maclist filtering - routestopped (networks still available if shorewall is stopped) in progress: - iptables time filetring ( an iptables rule will be active from say, 15h00-17h00 - almost ready) - tcrules - almost ready - wireless support - zebra have a nice day, ____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________