Date: Sat, 08 Feb 97 11:08:55 -0800
From: "That Doug Guy" <tiller@connectnet.com>
To: "FreeBSD Questions" <FreeBSD-Questions@freebsd.org>
Cc: "FreeBSD-ISP@freebsd.org" <FreeBSD-ISP@freebsd.org>
Subject: Packet filtering help please
Message-ID: <199702081909.LAA11891@smtp.connectnet.com>

Howdy, :-)

I (still, *cough*) need information on packet filtering. I looked at LINT, and found this about bpf:

# The `bpfilter' pseudo-device enables the Berkeley Packet Filter. Be
# aware of the legal and administrative consequences of enabling this
# option. The number of devices determines the maximum number of
# simultaneous BPF clients programs runnable.

The man page for bpf was helpful, but went over my head sooner than I would have liked. :) Where can I find more information (starting at a less ethereal level :) regarding what bpf is good for, and exactly what the dangers are?

The last time I asked, the best info I got was that for my purposes (occasional filtering of nuisance hosts) enabling the firewall option in the kernel, and using ipfw would be my best bet. This issue has become somewhat more urgent as our system is being attacked by a pesky (and persistent) 15 year old.

I never did receive an answer on how much overhead (cpu is the biggest consideration) this will add to my system. Also, where can I find more info on how to construct rules? (Beyond the man pages.) I will be doing this all remotely, so getting it right the first time is essential.

I've heard that the O'Reilly book on TCP/IP Administration is really good.....is this kind of information included in it? I have 2 of their books already, and really like them.

Please note that I'm willing to do the digging to get the info myself, but I've run out of places to look.

Thanks in advance for any help you can offer,

Doug