On Fri, Aug 17, 2007 at 08:19:50PM -0700, Chuck Kollars wrote: > >> ... If it is necessary for you to resort to > >> technical means to try to enforce this, they'll > >> find a way around it, sooner or later. > > > But both sides will learn quite a bit about > > computers and networking in the process, and that > pass me. So when I do occasionally resort to technical > means, I hit them with OVERWHELMING FORCE. I implement > several different prohibition methods all at once. > They can't tell when they've cracked one method
So, is that Chuck Kollars style, or Chuck NORRIS style? This is some pretty good advice gained from what appears to be a good bit of experience. Thank you for that, I appreciate it. Maybe it's time to do what you're talking about. One of the biggest barriers to do what the OP is attempting, I have found, is the existence of neihbors' open wireless APs. Nothing you can do about that, except maybe offer to lock it down for them. For the original poster, there is not a ton that shorewall can do to achieve what you are asking about. It's a firewall, or rather, a set of scripts that controls the IPtables firewall rules. As such, a good bit of it is pretty much on or off. You can allow access to certain networks/ports/etc. or you can deny it. Turning off particular computers' access is one thing, but to go along with Chuck's OVERWHELMING FORCE methodology, you will need to employ other tools. Some examples might be: Use squid for internet access. This proxy will give you more control of the content flowing through your router. On top of squid, put squidguard or Dansguardian for filtering, and such. I don't know much about these: http://dansguardian.org Peruse the tools at Sectools (by nmap creator Fyodor) Check http://sectools.org PacketFence (poisons the arp cache to isolate network nodes) http://www.linuxjournal.com/article/9551 Monitor AIM usage: http://www.aimsniff.com Better forums for this discussion, as we've left the Shorewall realm: comp.os.linux.networking comp.os.linux.security -- In Vino Veritas http://astroturfgarden.com
signature.asc
Description: Digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
