If any of these questions would be more appropriate on the Shorewall mailing list, please let me know...
I have a small client (about 25 users) currently running SyGate. I will be replacing it with Bering in the next week or so and have a couple of questions:

1) The client currently uses their ISP for email services and all of their users POP their mail. Is there any way to do virus scanning on the incoming email using Bering? I have email attachment scanning on the desktops, but it would be nice to stop this stuff at the firewall.

2) With SyGate's logs, it will show you the web sites visited by FQDN. Is there any way to get the Bering/Shorewall logs to display by FQDN rather than IP address? Manually resolving the IP addresses to FQDNs in order to see what web sites have been visited is a tedious process. It would be nice to look in the logs and be able to see that, for example, the user with IP address 192.168.0.20 has accessed www.playboy.com rather than 209.247.228.201.

3) On a related note to #2 above: is there any way to blacklist/whitelist based on FQDN rather than IP address? My client only allows Internet access to a few approved sites, i.e., all sites are blacklisted unless explicitly allowed in the whitelist. SyGate does not allow whitelisting based on FQDN either, but it seems strange to me that if you want to blacklist/whitelist a site (e.g., www.siemens.com) you have to ping it for its IP address and enter that in the blacklist/whitelist. I have read the Shorewall explanation of only accepting IPs rather than FQDNs, but I'm a little confused. Here's the explanation:

"9. Why does Shorewall only accept IP addresses as opposed to FQDNs? FQDNs in iptables rules aren't nearly as useful as they first appear. When a DNS name appears in a rule, the iptables utility resolves the name to one or more IP addresses and inserts those addresses into the rule. So changes in the DNS->IP address relationship that occur after the firewall has started have absolutely no effect on the firewall's ruleset."

How is manually entering an IP address into a ruleset any more effective than entering a FQDN and hoping the DNS->IP relationship doesn't go stale? In either case, if the IP address is no longer valid, then the rule won't work.

TIA!
--Shawn

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
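An added example, not part of Shawn's post and not code from Shorewall or LEAF, that illustrates the FAQ point quoted in question 3 and the log question in question 2. `expand_rules()` does what iptables does with a hostname: it resolves the name when the ruleset is built and writes literal addresses into Shorewall-style `ACTION SOURCE DEST PROTO DPORT` lines, so a later DNS change leaves the loaded rules untouched. `stale_rules()` is the check a practitioner would run from cron before regenerating and reloading: it re-resolves and reports which FQDN entries no longer match what was loaded. `annotate_log()` rewrites `SRC=`/`DST=` in a netfilter-style log line with a name. All function names, the DNS tables, the allow-list and the log line are constructed for this example (addresses other than the one quoted in the post are from the RFC 5737 documentation ranges); nothing touches the network.

```python
"""Load-time FQDN resolution, staleness detection and log annotation.
Added example; the DNS tables, rules and log line below are constructed."""
import re
from typing import Callable, Dict, List, Tuple

Rule = Tuple[str, str, str, str, str]      # (ACTION, SOURCE, DEST, PROTO, DPORT)
Resolver = Callable[[str], List[str]]      # name -> list of IPv4 strings

# Constructed forward zone at the time the firewall was started.
DNS_BEFORE: Dict[str, List[str]] = {
    "www.siemens.com": ["203.0.113.10"],
    "www.playboy.com": ["209.247.228.201"],    # the address quoted in the post
}
# The same zone after one site has moved (also constructed).
DNS_AFTER: Dict[str, List[str]] = {
    "www.siemens.com": ["198.51.100.7", "198.51.100.8"],
    "www.playboy.com": ["209.247.228.201"],
}

# Constructed allow-list in the post's style: everything else is blocked.
WHITELIST: List[Rule] = [
    ("ACCEPT", "loc", "www.siemens.com", "tcp", "80"),
    ("ACCEPT", "loc", "209.247.228.201", "tcp", "80"),   # literal address: never stale
]

# Constructed line in the netfilter format Shorewall logs with its "Shorewall:chain:disposition:" prefix.
SAMPLE_LOG = ("Jun  5 10:12:01 firewall kernel: Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 "
              "SRC=192.168.0.20 DST=209.247.228.201 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF "
              "PROTO=TCP SPT=33012 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0")

_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
_ADDR_FIELD = re.compile(r"\b(SRC|DST)=(\d{1,3}(?:\.\d{1,3}){3})")


def make_resolver(table: Dict[str, List[str]]) -> Resolver:
    """Resolver over a fixed table; unknown names resolve to nothing."""
    return lambda name: list(table.get(name, []))


def reverse_table(table: Dict[str, List[str]]) -> Dict[str, str]:
    """Address -> name map built from the forward table (more reliable than PTR lookups)."""
    return {addr: name for name, addrs in table.items() for addr in addrs}


def expand_rule(rule: Rule, resolve: Resolver) -> List[str]:
    """Resolve an FQDN destination *now* and emit one rules-file line per address.
    This mirrors iptables: the output holds literal addresses only."""
    action, src, dst, proto, dport = rule
    addrs = [dst] if _IPV4.match(dst) else resolve(dst)
    return [f"{action}\t{src}\tnet:{a}\t{proto}\t{dport}" for a in addrs]


def expand_rules(rules: List[Rule], resolve: Resolver) -> Dict[Rule, List[str]]:
    """Expand the whole allow-list, keyed by the original rule so drift can be checked."""
    return {rule: expand_rule(rule, resolve) for rule in rules}


def to_rules_file(expanded: Dict[Rule, List[str]]) -> str:
    """Flatten the expansion into rules-file text (literal addresses only)."""
    return "\n".join(line for lines in expanded.values() for line in lines) + "\n"


def stale_rules(rules: List[Rule], resolve: Resolver, loaded: Dict[Rule, List[str]]) -> List[str]:
    """FQDNs whose current resolution differs from what was frozen into `loaded`."""
    stale = []
    for rule in rules:
        if _IPV4.match(rule[2]):
            continue
        if set(expand_rule(rule, resolve)) != set(loaded.get(rule, [])):
            stale.append(rule[2])
    return stale


def annotate_log(line: str, reverse: Dict[str, str]) -> str:
    """Rewrite SRC=/DST= as name(addr) where the reverse table knows the address."""
    def sub(m: "re.Match[str]") -> str:
        name = reverse.get(m.group(2))
        return f"{m.group(1)}={name}({m.group(2)})" if name else m.group(0)
    return _ADDR_FIELD.sub(sub, line)


if __name__ == "__main__":
    loaded = expand_rules(WHITELIST, make_resolver(DNS_BEFORE))
    print(to_rules_file(loaded))                       # what actually got loaded
    print("stale after DNS change:", stale_rules(WHITELIST, make_resolver(DNS_AFTER), loaded))
    print(annotate_log(SAMPLE_LOG, reverse_table(DNS_BEFORE)))
```

Run with `python3`. The point of `stale_rules()` is that a name in a rule buys you nothing unless something re-resolves it and reloads the firewall; with the literal-address approach the operator knows that is their job, which is all the FAQ is saying. For the log side, a reverse table populated from the names you care about (as above) is safer than live PTR lookups, which for shared web hosting usually return the provider's hostname rather than the site the user visited.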
