Hi all, I appologise in advance if this is a little OT, but I am building a box that will serve as firewall and router for a small 'internet cafe / netcafe' and am using CentOS... So here it is: What are the best tools to be used for keeping the potential script kiddies from 'harming the Internet' :) ? I specifically want to be able to detect and prevent portscans from LAN to Internet, and any other malware activity the clients might think of. I am particularily interested in 'the CentOS way'. For example I know there is psd module in patch-o-matic for iptables to be able to do the portscan detection in firewall... but, that doesen't feel like 'CentOS way' (because I have to build a cusom kernel) unless there is some kernel (even 3rd part, unsuported/etc.) that already has this in... Also I know of the portsentry tool, but the project seems pretty much dead after Cisco bought Psyonic... and again is not on up2date's list... I intend to use Snort, though I hope that it won't share portsentry's fate and become extinct after Check Point's acquisition of Sourcefire will be completed. No FUD intended on this, optimistic views are always highly welcomed :) Luckily denyhosts has no plans of selling itself to anyone so that's one project I can safely use :) So, Open Source portscaner for CentOS... anyone... ? :) Thank you for your time and help, With respect, Alex