Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 24 Sep 1998 01:52:57 -0700 (PDT)
From:      "Jan B. Koum " <jkb@best.com>
To:        Andrew McNaughton <andrew@squiz.co.nz>
Cc:        Muhammad Najib <najib@csi-x.net>, freebsd-security@FreeBSD.ORG
Subject:   Re: Firewall ...
Message-ID:  <Pine.BSF.4.02A.9809240147170.19345-100000@shell6.ba.best.com>
In-Reply-To: <Pine.BSF.3.96.980924190130.306A-100000@aniwa.sky>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Thu, 24 Sep 1998, Andrew McNaughton wrote:

>> and when I do 'ipfw show' or 'ipfw -a l' it seems likely not to show all the
>> rules that have been invoked. I wonder why.... About the ip filter, where can
>> I get it ? Is that ip filter package comes along with FreeBSD ? Please do pin
>> point me to this problem I'm having ... Thanx in advance :)
>
>I don't see anything in the packages directories.  I think it hasn't been
>long since IPfilter was gotten to work with FreeBSD.  I gather it's a port
>from Linux.
>
>Go to www.findmail.com and search for 'freebsd ipfilter'.
>
>Andrew
>

	IP filter is part of 3.0:

coredump# ipfstat
 input packets:         blocked 0 passed 5225 nomatch 3478 counted 0
output packets:         blocked 0 passed 5835 nomatch 1241 counted 0
 input packets logged:  blocked 0 passed 0
output packets logged:  blocked 0 passed 0
 packets logged:        input 0 output 0
 log failures:          input 0 output 0
fragment state(in):     kept 0  lost 0
fragment state(out):    kept 0  lost 0
packet state(in):       kept 0  lost 0
packet state(out):      kept 0  lost 0
ICMP replies:   0       TCP RSTs sent:  0
Result cache hits(in):  1747    (out):  4594
IN Pullups succeeded:   0       failed: 0
OUT Pullups succeeded:  0       failed: 0
Fastroute successes:    0       failures:       0
TCP cksum fails(in):    0       (out):  0
Packet log flags set: (0)
        none

coredump# uname -a
FreeBSD coredump.jkb.org 3.0-BETA FreeBSD 3.0-BETA #0:

	AFAIK IP filter was built for BSD systems before it was ported to
Linux and other OSes. I am sure Darren will correct me if I am wrong.

	You can also get ip filter from http://coombs.anu.edu.au/ipfilter/
and it will work on 2.2 - it just doesn't come as part of 2.2

-- Yan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02A.9809240147170.19345-100000>