Has anybody an suggestions for a good, that is fast, Linux firewall, sharing 
an internet connection with young users it'd be nice to be able to restrict 
their p2p applications and voip or skype applications and actually be able 
to see how much of the total amount they are individually using.
I played about with gnatbox and smoothwall when they first came out, but 
things seem to have moved on a lot since then.

-- 
Vista: the hd dvd player that thinks it's an operating system

jasee wrote:

> Has anybody an suggestions for a good, that is fast, Linux firewall,
> sharing an internet connection with young users it'd be nice to be able to
> restrict their p2p applications and voip or skype applications and
> actually be able to see how much of the total amount they are individually
> using. I played about with gnatbox and smoothwall when they first came
> out, but things seem to have moved on a lot since then.
> 

I've considered doing something similar using http://www.ipcop.org/ but
haven't got a round-tuit yet.

-- 
Geoff                                           Registered Linux user 196308
Replace bitbucket with geoff to mail me.

jasee wrote:
> Has anybody an suggestions for a good, that is fast, Linux firewall, sharing 
> an internet connection with young users it'd be nice to be able to restrict 
> their p2p applications and voip or skype applications and actually be able 
> to see how much of the total amount they are individually using.

I agree with Geoffrey, re ipcop. But restricting skype is practically 
impossible - unless you can uninstall it from the users' computers. It's 
like a sophisticated virus and will find some way to use whatever port's 
available.



-- 
http://SnapAndScribble.com

jasee wrote:

> Has anybody an suggestions for a good, that is fast, Linux firewall,
> sharing an internet connection with young users it'd be nice to be able to
> restrict their p2p applications and voip or skype applications and
> actually be able to see how much of the total amount they are individually
> using. I played about with gnatbox and smoothwall when they first came
> out, but things seem to have moved on a lot since then.
> 

M0n0wall, but it's not Linux.

In article <48bb006d$0$15609$426a34cc@news.free.fr>, F8BOE wrote:
> jasee wrote:
> 
>> Has anybody an suggestions for a good, that is fast, Linux firewall,
>> sharing an internet connection with young users it'd be nice to be able to
>> restrict their p2p applications and voip or skype applications and
>> actually be able to see how much of the total amount they are individually
>> using. I played about with gnatbox and smoothwall when they first came
>> out, but things seem to have moved on a lot since then.
>> 
> 
> M0n0wall, but it's not Linux.

I wouldn't hold that against it. The BSDs seem to have a pretty good
security record, just what you want in a firewall.

	Justin.

-- 
Justin C, by the sea.

Justin C wrote:
> In article <48bb006d$0$15609$426a34cc@news.free.fr>, F8BOE wrote:
>> jasee wrote:
>>
>>> Has anybody an suggestions for a good, that is fast, Linux firewall,
>>> sharing an internet connection with young users it'd be nice to be
>>> able to restrict their p2p applications and voip or skype
>>> applications and actually be able to see how much of the total
>>> amount they are individually using. I played about with gnatbox and
>>> smoothwall when they first came out, but things seem to have moved
>>> on a lot since then.
>>>
>>
>> M0n0wall, but it's not Linux.
>
> I wouldn't hold that against it. The BSDs seem to have a pretty good
> security record, just what you want in a firewall.

Sorry, yes, should have mentioned BSD, though this is a Linux group, 
anything fast, I'm not fussy :-)
BTW AFAICT none of the firewalls mentioned so far seem to be capable of 
blocking skype, to do this is a fairly recent development in commercial 
firewalls

On 31 Aug, 21:27, Will Kemp  wrote:
> jasee wrote:
> > Has anybody an suggestions for a good, that is fast, Linux firewall, sharing
> > an internet connection with young users it'd be nice to be able to restrict
> > their p2p applications and voip or skype applications and actually be able
> > to see how much of the total amount they are individually using.
>
> I agree with Geoffrey, re ipcop. But restricting skype is practically
> impossible - unless you can uninstall it from the users' computers. It's
> like a sophisticated virus and will find some way to use whatever port's
> available.
>
> --http://SnapAndScribble.com

You may get some mileage out of blocking access to Skypes
authentication servers - for preference, use proxying instead of
firewalling. Writing a redirector for any URL with matching '*skype*'
or '*voip*' would be a good start. If you have some control over the
local machines you could even run ident locally - or use an
authenticated proxy session to reconcile the usage with the user.

HTH

C.

C. wrote:
> On 31 Aug, 21:27, Will Kemp  wrote:
>> jasee wrote:
>>> Has anybody an suggestions for a good, that is fast, Linux firewall, sharing
>>> an internet connection with young users it'd be nice to be able to restrict
>>> their p2p applications and voip or skype applications and actually be able
>>> to see how much of the total amount they are individually using.
>> I agree with Geoffrey, re ipcop. But restricting skype is practically
>> impossible - unless you can uninstall it from the users' computers. It's
>> like a sophisticated virus and will find some way to use whatever port's
>> available.
>>
>> --http://SnapAndScribble.com
> 
> You may get some mileage out of blocking access to Skypes
> authentication servers - for preference, use proxying instead of
> firewalling. Writing a redirector for any URL with matching '*skype*'
> or '*voip*' would be a good start. If you have some control over the
> local machines you could even run ident locally - or use an
> authenticated proxy session to reconcile the usage with the user.

The only way my co-sysadmin, in Kabul last year, managed to work out to 
block it was to make sure all connected machines were joined to the 
Windows domain and remotely ran a logon script that uninstalled skype 
every time they logged on to the network. (We were using SME server as 
the gateway server - and you can run windows domain logon scripts from 
that.) He put a lot of time into researching the subject, too.



-- 
http://SnapAndScribble.com

On Mon, 01 Sep 2008 06:29:48 +0100, jasee wrote:

> Justin C wrote:
>> In article <48bb006d$0$15609$426a34cc@news.free.fr>, F8BOE wrote:
>>> jasee wrote:
>>>
>>>> Has anybody an suggestions for a good, that is fast, Linux firewall,
>>>> sharing an internet connection with young users it'd be nice to be
>>>> able to restrict their p2p applications and voip or skype
>>>> applications and actually be able to see how much of the total amount
>>>> they are individually using. I played about with gnatbox and
>>>> smoothwall when they first came out, but things seem to have moved on
>>>> a lot since then.
>>>>
>>>>
>>> M0n0wall, but it's not Linux.
>>
>> I wouldn't hold that against it. The BSDs seem to have a pretty good
>> security record, just what you want in a firewall.
> 
> Sorry, yes, should have mentioned BSD, though this is a Linux group,
> anything fast, I'm not fussy :-)
> BTW AFAICT none of the firewalls mentioned so far seem to be capable of
> blocking skype, to do this is a fairly recent development in commercial
> firewalls

You think blocking it is a pain? Man, you should try 'allowing' it in 
some web filtering applications and appliances. Phew, what a nightmare.

-- 
As we travel through life it is best to be like the dog. If you can't eat 
it, or have sex with it, then p*ss on it