Date: Sun, 20 Aug 1995 21:55:42 -0600 From: Warner Losh <imp@village.org> To: "Raju M. Daryanani" <raju@rssd.hk.olivetti.com> Cc: dennis@et.htp.com (dennis), gryphon@healer.com, hackers@FreeBSD.ORG Subject: Re: Internet In A Box Message-ID: <199508210355.VAA02029@rover.village.org> In-Reply-To: Your message of Mon, 21 Aug 1995 10:35:39 %2B0800
next in thread | raw e-mail | index | archive | help
: If there's something better that allows more control I'd like to know about : it. We currently use ipfilt. We're quite happy with it. It is basically a replacement for ip_output. We run it on a FreeBSD 1.1.5.1R box that is on a 386DX40. It is one of the two packages that we're aware of that will filter the famous "IP-Fragment-Spoof" problem (where you send an acceptible IP fragment through, then set the offset to be 1 and overwrite the acceptible bits with naught bits). The other is very recent versions of Cisco routers. It does no sorting and has been verified as secure by testing by one of the more paranoid villagers (Dworkin Muller). He looked at screend and ipfirewall that came with FreeBSD and quickly moved on to better ground. Warner P.S. There is a company called "Spry" that sells a product called Internet In A Box for the pcs running windows.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199508210355.VAA02029>