Quote:
Originally Posted by bondoq
I am using a Linux server (Fedora Core 5) and the local network is using Windows XP.
How do I protect my local network from spam, viruses and trojans?
Can I use iptables and squid to do that?
Yes, you can set up iptables + squid to do this effectively.
With squid
* Disable download access for any *.exe / *.rar / *.zip (or you could further use domain policies with samba or any other M$ domain to restrict downloading of some specific files).
* Disable all the porn & warez sites with URL regular expression filtering (google.com/linux or many other LQ queries will help you with this).
* Disable all the p2p & messengers.
With iptables
* Block any new packets from your external network (only let established and related IN).
* Block any request going out apart from ports 443 & 80 OUT to the internet from your SQUID box or EXT interface.
* I don't suggest letting UDP packets go out. If you are only using SQUID on this box, you should disable UDP packets OUT apart from port 53 (for DNS).
* Use initial policies of DROP, if you are not very sure about your iptables.
* Block p2p.
You'll probably find many threads here at LQ with a simple search for firewall, and those will assist you further and in more depth on the same.
The above-mentioned suggestions are just a part of an actual implementation, but I suggest them as a MUST, and you should further tune your firewall up as you gotta learn it while going through documentation & LQ threads.
__________________
With best regards,
Amit..
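The iptables points in the reply above, written out as a ruleset. This is an added example, not part of the original post; the interface names (`eth0` external, `eth1` LAN) and Squid port 3128 are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a box that only runs Squid.
# Assumed defaults (not from the post): eth0 = external, eth1 = LAN, Squid on 3128.

gen_rules() {
    ext_if=${1:-eth0}
    lan_if=${2:-eth1}
    squid_port=${3:-3128}
    cat <<EOF
*filter
# Initial policies of DROP on every chain; FORWARD has no ACCEPT rules at all,
# so LAN clients cannot route around the proxy (this is what stops p2p).
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback traffic for local services.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Only established and related packets are let IN; same for replies going OUT.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# LAN clients may open new connections to Squid only.
-A INPUT -i $lan_if -p tcp --dport $squid_port -m state --state NEW -j ACCEPT
# Squid may open new connections to the internet on 80 and 443 only.
-A OUTPUT -o $ext_if -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
# The only UDP allowed out is DNS.
-A OUTPUT -o $ext_if -p udp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Run stand-alone to print the ruleset: ./gen_rules.sh [ext_if] [lan_if] [squid_port]
gen_rules "$@"
```

Pipe the output through `iptables-restore --test` as root to check that it parses before loading it with `iptables-restore`.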