On Tue, 2006-04-25 at 22:24 -0400, Franklin S Werren wrote: > I know it is not CentOS Build(Yet!!!) I think not likely to be ever. It's LinuxFromScratch based. It tries to be the minimal needed product to accomplish its goal. This follows the philosophy of having nothing unneeded to help reduce exposure. To make it CentOS (or any other major) distro based would open the door to "incorrect" application, causing a weakening of its protections. However, the source *is* available. But it includes only minimal packages, minimally configured kernel, etc. Fitting onto a CentOS (or similar) distro might be a lot of work. And then there is maintenance as security updates occur. And then there are security vulnerabilities introduced as non-security updates are applied. And then ... you see the picture? IPCop effectiveness severely reduced while more work is needed. Better to just do individual packages, iptables, etc. on your CentOS distro, as OP originally was thinking. That being said... see below. > but www.ipcop.org works real well > It has everything you may need > <snip> > Franklin S. Werren webmaster at bagpipes.net > <snip sig stuff> I heartily endorse IPCop if one has an old (or spare) machine laying around. IPCop is small, efficient, easily installed, easily maintained, simply configured, seems to do an excellent job, has source available if you want to mod/add to it, ... In short, a great package. I have cable broadband, Toshiba modem. IPCop on P54 200MHz, 96MB ram, three *cheap* PCI NICs (8139 and ee100 based) get me appx. 60MB/sec through cat 5 cable hooked to SMC GigaBit switch (no giga NICs installed yet, just normal 100MB FD cheapos or on-board). On a 100MHz AMD 5x86 (? 486 clone) 36MB ram, 3 old 3C509 half-duplex NICs ... 570MB/sec. IBM Aptiva, 486DX/66 32MB ram, 2 old 3C509 half-duplex NICs, 470MB/sec. I'm well pleased with it. Includes logging, multi-zone security levels, log extractions. Installable via CD-ROM or over a network. > -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf > Of Rodrigo Barbosa > <snip sig stuff> > On Tue, Apr 25, 2006 at 01:32:46PM -0700, dnk wrote: > > Can anyone recommend an opensource package (preferably something > > centos 4X compatible) that can be used on a (iptables) firewall to > > block virus/trojan, etc? And maybe something for intrusion detection? > > Intrusion Detection = Snort > > Proxy AV = HAVP > > []s > > - -- > Rodrigo Barbosa <rodrigob at suespammers.org> "Quid quid Latine dictum sit, > altum viditur" > <snip sig stuff> IMO, if you want a very good gateway/firewall package and have an old machine laying around and a few NICs, IPCop is a good way to go. Even adding only one or two small functions might be still a good decision. If you have a machine which must serve *several* other purposes as well (even being a backup to carry more load only if another machine is down), use your CentOS and apply some of the packages mentioned and do your firewall in a custom way. HTH -- Bill -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20060426/d9b1299f/attachment-0005.sig>