best linux firewall with p2p blocking and wireless-cafe/WI..

Guest
Archived from groups: comp.security.firewalls (More info?)

Hello,

I'm going to set up a good firewall for a university wifi network. For
legal reasons we need to block P2P traffic. We also would like to
redirect new users to a sign-in page on first use (similar to wayport
or other wireless cafe type setups) in order to control access to the
network.

Good traffic monitoring capabilities (on the IP/MAC level) would be a
plus as well (something similar to ntop).

I'm planning on going with IPCop and tweaking it, but does anyone else
have any better suggestions?


--Matt
 

Erik


On 27 Jul 2004 23:06:31 -0700, the right honourable mmucklo@yahoo.com
(Matthew Mucklo) wrote:

>Hello,
>
>I'm going to set up a good firewall for a university wifi network. For
>legal reasons we need to block P2P traffic. We also would like to
>redirect new users to a sign-in page on first use (similar to wayport
>or other wireless cafe type setups) in order to control access to the
>network.
>
>Good traffic monitoring capabilities (on the IP/MAC level) would be a
>plus as well (something similar to ntop).
>
>I'm planning on going with IPCop and tweaking it, but does anyone else
>have any better suggestions?
>
>
>--Matt


Linux with IPTables is good.

Start by closing the FW completely, then add rules to open it for only
the stuff you want to allow.

Look at http://www.realworldlinuxsecurity.com
He's written a nice book on security.

Prepare to study a LOT.

Have a look at SNORT for intrusion detection.


frgr
Erik
 
Guest

On Wed, 28 Jul 2004 at 06:06 GMT, Matthew Mucklo <mmucklo@yahoo.com> spewed
into the usenet group comp.security.firewalls:
> Hello,
>
> I'm going to set up a good firewall for a university wifi network. For
> legal reasons we need to block P2P traffic. We also would like to
> redirect new users to a sign-in page on first use (similar to wayport
> or other wireless cafe type setups) in order to control access to the
> network.

Sounds like you want nocat ( http://nocat.net/ )

>
> Good traffic monitoring capabilities (on the IP/MAC level) would be a
> plus as well (something similar to ntop).

Just use nocat on Linux, then run ntop and iptables on it.

Devdas Bhagat
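
An added example, not posted by anyone in the thread and not NoCat's own scripts: a default-deny iptables ruleset that redirects clients who have not signed in to a sign-in page, combining the "close everything, then open only what you allow" advice with the captive-portal requirement. The interface names, portal address, fwmark value and sample MAC addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it never touches the live firewall.
# Assumptions (not from the thread): wlan0 = wireless side, eth0 = uplink,
# 192.0.2.1:8080 = sign-in page on the gateway, fwmark 0x1 = signed-in client.
WLAN_IF=${WLAN_IF:-wlan0}
WAN_IF=${WAN_IF:-eth0}
PORTAL=${PORTAL:-192.0.2.1:8080}

r() { printf '%s\n' "$*"; }   # emit one ruleset line

# gen_rules MAC... : each argument is the MAC of a client that has signed in.
gen_rules() {
    r "*mangle"
    r ":PREROUTING ACCEPT [0:0]"
    for mac in "$@"; do
        # mangle runs before nat, so the mark exists when the redirect rule is checked
        r "-A PREROUTING -i $WLAN_IF -m mac --mac-source $mac -j MARK --set-mark 0x1"
    done
    r "COMMIT"
    r "*nat"
    r ":PREROUTING ACCEPT [0:0]"
    r ":POSTROUTING ACCEPT [0:0]"
    # Web traffic from clients without the mark lands on the sign-in page
    r "-A PREROUTING -i $WLAN_IF -p tcp --dport 80 -m mark ! --mark 0x1 -j DNAT --to-destination $PORTAL"
    r "-A POSTROUTING -o $WAN_IF -j MASQUERADE"
    r "COMMIT"
    r "*filter"
    r ":INPUT DROP [0:0]"      # closed by default
    r ":FORWARD DROP [0:0]"    # closed by default
    r ":OUTPUT ACCEPT [0:0]"
    r "-A INPUT -i lo -j ACCEPT"
    r "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Every wireless client may reach DHCP, DNS and the sign-in page on the gateway
    r "-A INPUT -i $WLAN_IF -p udp --dport 67 -j ACCEPT"
    r "-A INPUT -i $WLAN_IF -p udp --dport 53 -j ACCEPT"
    r "-A INPUT -i $WLAN_IF -p tcp --dport ${PORTAL##*:} -j ACCEPT"
    r "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Signed-in clients get only the services listed here; all else hits DROP
    for port in 80 443; do
        r "-A FORWARD -i $WLAN_IF -o $WAN_IF -p tcp --dport $port -m mark --mark 0x1 -j ACCEPT"
    done
    r "COMMIT"
}

# Constructed sample: gen_rules 02:00:00:00:00:01 02:00:00:00:00:02 | iptables-restore --test
```

Port allow-listing drops P2P on other ports but not P2P carried over the allowed ones, and MAC-based marking can be spoofed by a client that copies a signed-in address, so pair this with the traffic monitoring asked for in the original post.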