John Jolet <john <at> jolet.net> writes:
> > http://www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=12#doc_chap1
> > The section on Squid would apply particularly to you.
> > In this case, my policy states:
> > * Surfing (HTTP/HTTPS) is allowed during work hours (mon-fri 8-17 and
> >   sat 8-13), but if employees are here late they should work, not surf
> > * Downloading files is not allowed (.exe, .com, .arj, .zip, .asf, .avi,
> >   .mpg, .mpeg, etc)
> > * We do not like banners, so they are filtered and replaced with a
> >   transparent gif (this is where you get creative!).
> > * All other connections to and from the Internet are denied.
> would it be possible to see an example of the squid config that does this?

As stated above:
www.gentoo.org/doc/en/security/security-handbook.xml?part=1&chap=12#doc_chap1

I'm still testing my raw setup of iptables. When I'm done and somewhat satisfied with my iptables setup, then I'll be drilling into the Application Level Gateway implementation, squid being one possibility.

I intend to document what I end up with, as most of what's on the net is old/dated and does not use the latest features of iptables, or they are trite examples such as a dual ethernet based firewall....

Hopefully, google & searches will return many examples of ALG setups, but they may not be specific enough to Gentoo.........

If sufficient examples do not exist, we should share information on this list, and create a detailed, Gentoo Specific web page for iptables howto + ALG howto, as they need to work together with tight synchronization.

Yet others may suggest shorewall + squid, but I do not have any interest in shorewall. IPfilter/netfilter is portable (somewhat) to embedded linux systems and other embedded derivatives, and that is my ultimate focus.

hth,
James

--
gentoo-user@gentoo.org mailing list
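
An added example, not part of the original post and not taken from the Gentoo handbook: one way the four policy points quoted above could be expressed as a squid.conf fragment. The client network 192.168.1.0/24, the pattern file path and the intranet.example URL are assumed placeholders.

```conf
# Added example; values marked "assumed" are constructed placeholders.
http_port 3128

# Assumed client network; replace with the real internal range.
acl localnet src 192.168.1.0/24

# Work hours from the policy: Mon-Fri 08:00-17:00, Sat 08:00-13:00.
# Squid day codes: M T W H F = Monday..Friday, A = Saturday.
acl work_weekdays time MTWHF 08:00-17:00
acl work_saturday time A 08:00-13:00

# Only HTTP and HTTPS; CONNECT tunnels only to port 443.
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Download types named in the policy. The optional (\?.*)? also
# matches when a query string follows the file extension.
acl blocked_files urlpath_regex -i \.(exe|com|arj|zip|asf|avi|mpg|mpeg)(\?.*)?$

# Banner URLs, one regex per line in an assumed pattern file.
acl banners url_regex -i "/etc/squid/banner-patterns.txt"
# Denied banner requests are redirected to an assumed, internally
# hosted transparent GIF instead of showing an error page.
deny_info http://intranet.example/transparent.gif banners

# First matching rule wins, so denies precede the time-limited allows.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny banners
http_access deny blocked_files
http_access allow localnet work_weekdays
http_access allow localnet work_saturday
http_access deny all
```

The extension and banner rules only see the request URL, so for HTTPS, where Squid is handed just the CONNECT host and port, they do not apply. Denying all other connections to and from the Internet is the packet filter's job (iptables in this thread), with clients allowed out only through the proxy port.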