From owner-freebsd-security  Thu Sep 24 01:53:59 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA27047
          for freebsd-security-outgoing; Thu, 24 Sep 1998 01:53:59 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA27037
          for <freebsd-security@FreeBSD.ORG>; Thu, 24 Sep 1998 01:53:56 -0700 (PDT)
          (envelope-from jkb@best.com)
Received: from localhost (jkb@localhost)
	by shell6.ba.best.com (8.9.0/8.9.0/best.sh) with SMTP id BAA19855;
	Thu, 24 Sep 1998 01:52:57 -0700 (PDT)
X-Authentication-Warning: shell6.ba.best.com: jkb owned process doing -bs
Date: Thu, 24 Sep 1998 01:52:57 -0700 (PDT)
From: "Jan B. Koum " <jkb@best.com>
X-Sender: jkb@shell6.ba.best.com
To: Andrew McNaughton <andrew@squiz.co.nz>
cc: Muhammad Najib <najib@csi-x.net>, freebsd-security@FreeBSD.ORG
Subject: Re: Firewall ...
In-Reply-To: <Pine.BSF.3.96.980924190130.306A-100000@aniwa.sky>
Message-ID: <Pine.BSF.4.02A.9809240147170.19345-100000@shell6.ba.best.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 24 Sep 1998, Andrew McNaughton wrote:

>> and when I do 'ipfw show' or 'ipfw -a l' it seems likely not to show all the
>> rules that have been invoked. I wonder why.... About the ip filter, where can
>> I get it ? Is that ip filter package comes along with FreeBSD ? Please do pin
>> point me to this problem I'm having ... Thanx in advance :)
>
>I don't see anything in the packages directories.  I think it hasn't been
>long since IPfilter was gotten to work with FreeBSD.  I gather it's a port
>from Linux.
>
>Go to www.findmail.com and search for 'freebsd ipfilter'.
>
>Andrew
>

	IP filter is part of 3.0:

coredump# ipfstat
 input packets:         blocked 0 passed 5225 nomatch 3478 counted 0
output packets:         blocked 0 passed 5835 nomatch 1241 counted 0
 input packets logged:  blocked 0 passed 0
output packets logged:  blocked 0 passed 0
 packets logged:        input 0 output 0
 log failures:          input 0 output 0
fragment state(in):     kept 0  lost 0
fragment state(out):    kept 0  lost 0
packet state(in):       kept 0  lost 0
packet state(out):      kept 0  lost 0
ICMP replies:   0       TCP RSTs sent:  0
Result cache hits(in):  1747    (out):  4594
IN Pullups succeeded:   0       failed: 0
OUT Pullups succeeded:  0       failed: 0
Fastroute successes:    0       failures:       0
TCP cksum fails(in):    0       (out):  0
Packet log flags set: (0)
        none

coredump# uname -a
FreeBSD coredump.jkb.org 3.0-BETA FreeBSD 3.0-BETA #0:

	AFAIK IP filter was built for BSD systems before it was ported to
Linux and other OSes. I am sure Darren will correct me if I am wrong.

	You can also get ip filter from http://coombs.anu.edu.au/ipfilter/
and it will work on 2.2 - it just doesn't come as part of 2.2

-- Yan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message