From owner-freebsd-hackers Sun Aug 20 21:23:22 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.FreeBSD.org (8.6.11/8.6.6) id VAA12821 for hackers-outgoing; Sun, 20 Aug 1995 21:23:22 -0700
Received: from healer.com (healer-gw.Empire.Net [205.164.80.204]) by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id VAA12809 for ; Sun, 20 Aug 1995 21:23:04 -0700
Received: (from gryphon@localhost) by healer.com (8.6.11/8.6.6) id AAA03247 for hackers@freebsd.org; Mon, 21 Aug 1995 00:23:08 -0400
Date: Mon, 21 Aug 1995 00:23:08 -0400
From: Coranth Gryphon
Message-Id: <199508210423.AAA03247@healer.com>
To: hackers@freebsd.org
Subject: Screend
Sender: hackers-owner@freebsd.org
Precedence: bulk

According to dennis:
> screend sucks. Try something else.

Such as? I didn't like ipfw because it was convoluted to translate
the rules (at least the way I look at filtering), you could not simply
give it a config file, and it's easy to miss things in the rules.

Says "Raju M. Daryanani" :
> The problem I've got with it is that [SCREEND] doesn't allow you to screen
> out incoming TCP SYN packets. That will force me to close out some ports
> on which I would like to allow outgoing connections.

Just block "reserved" from foreign hosts, and you're fine. Or if you have
an idea how to distinguish these packets easily, we can probably find
a way to patch the source to fix this.

> It also doesn't allow
> me to protect the machine it's running on, since it only works on packets
> that it is gating between networks. As a result I've got to use ipfirewall

I have patches ported that screen the local machine, as well as allowing
for screening only the PPP interface on the local machine.

-coranth

------------------------------------------+------------------------+
Coranth Gryphon                           | "Faith Manages."       |
                                          |       - Satai Delenn   |
Phone: 603-598-3440  Fax: 603-598-3430    +------------------------+
USMail: 11 Carver St, Nashua, NH 03060
Disclaimer: All these words are yours, except Europa...
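
The distinction discussed in this message, as an added example (not part of the original message, and not screend or ipfw code): a TCP segment that opens a connection has SYN set and ACK clear, so a flag test can separate it from reply traffic where a port-only rule cannot. It assumes "reserved" means destination ports below 1024; the function names and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TH_SYN 0x02
#define TH_ACK 0x10
#define PORT_RESERVED 1024 /* assumption: "reserved" means ports below 1024 */

enum verdict { ACCEPT, REJECT }; /* printed as 0 and 1 by main() */
struct tcp_view { uint16_t sport, dport; uint8_t flags; };

/* Read ports and flags from a raw TCP header; -1 if too short to hold the flags byte. */
static int tcp_parse(const uint8_t *p, size_t len, struct tcp_view *t)
{
    if (len < 14) return -1;
    t->sport = (uint16_t)((p[0] << 8) | p[1]);
    t->dport = (uint16_t)((p[2] << 8) | p[3]);
    t->flags = p[13];
    return 0;
}

/* Port-only rule: reject anything from a foreign host aimed at a reserved port. */
enum verdict port_rule(const uint8_t *p, size_t len)
{
    struct tcp_view t;
    if (tcp_parse(p, len, &t) != 0) return REJECT; /* fail closed on truncated headers */
    return t.dport < PORT_RESERVED ? REJECT : ACCEPT;
}

/* Flag rule: reject only connection-opening segments (SYN set, ACK clear). */
enum verdict syn_rule(const uint8_t *p, size_t len)
{
    struct tcp_view t;
    if (tcp_parse(p, len, &t) != 0) return REJECT; /* fail closed on truncated headers */
    return (t.flags & (TH_SYN | TH_ACK)) == TH_SYN ? REJECT : ACCEPT;
}

/* Constructed inbound headers (first 14 bytes): ports, seq, ack, data offset, flags. */
const uint8_t syn_to_23[14]      = {0x9c,0x40, 0x00,0x17, 0,0,0,1, 0,0,0,0, 0x50, 0x02};
const uint8_t syn_to_1025[14]    = {0x9c,0x40, 0x04,0x01, 0,0,0,1, 0,0,0,0, 0x50, 0x02};
const uint8_t synack_to_1025[14] = {0x00,0x17, 0x04,0x01, 0,0,0,9, 0,0,0,2, 0x50, 0x12};

int main(void)
{
    printf("SYN to 23:       port=%d syn=%d\n", (int)port_rule(syn_to_23, 14), (int)syn_rule(syn_to_23, 14));
    printf("SYN to 1025:     port=%d syn=%d\n", (int)port_rule(syn_to_1025, 14), (int)syn_rule(syn_to_1025, 14));
    printf("SYN+ACK to 1025: port=%d syn=%d\n", (int)port_rule(synack_to_1025, 14), (int)syn_rule(synack_to_1025, 14));
    return 0;
}
```

The port-only rule gives the same verdict for the new inbound connection to port 1025 and for the reply to an outgoing connection from port 1025; only the flag rule tells them apart.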