[CentOS] [OT maybe] netcafe firewall
craigwhite at azapple.com
Mon Mar 20 14:50:24 UTC 2006
On Mon, 2006-03-20 at 13:33 +0200, Alexandru E. Ungur wrote:
> Hi all,
> I appologise in advance if this is a little OT, but I am building
> a box that will serve as firewall and router for a small 'internet
> cafe / netcafe' and am using CentOS...
> So here it is:
> What are the best tools to be used for keeping the potential
> script kiddies from 'harming the Internet' :) ? I specifically want
> to be able to detect and prevent portscans from LAN to Internet, and
> any other malware activity the clients might think of.
> I am particularily interested in 'the CentOS way'. For example I
> know there is psd module in patch-o-matic for iptables to be able
> to do the portscan detection in firewall... but, that doesen't
> feel like 'CentOS way' (because I have to build a cusom kernel)
> unless there is some kernel (even 3rd part, unsuported/etc.) that
> already has this in...
> Also I know of the portsentry tool, but the project seems pretty much
> dead after Cisco bought Psyonic... and again is not on up2date's list...
> I intend to use Snort, though I hope that it won't share portsentry's
> fate and become extinct after Check Point's acquisition of Sourcefire
> will be completed. No FUD intended on this, optimistic views are always
> highly welcomed :)
> Luckily denyhosts has no plans of selling itself to anyone so that's
> one project I can safely use :)
> So, Open Source portscaner for CentOS... anyone... ? :)
> Thank you for your time and help,
why not just use a proxy server like squid?
More information about the CentOS