From owner-freebsd-hackers Wed May 10 10:16:25 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id KAA26699 for hackers-outgoing; Wed, 10 May 1995 10:16:25 -0700
Received: from ensta.ensta.fr (ensta.ensta.fr [147.250.1.1]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id KAA26693 for ; Wed, 10 May 1995 10:16:20 -0700
Received: from itesec.hsc-sec.fr (itesec.hsc-sec.fr [192.70.106.33]) by ensta.ensta.fr (8.6.12/8.6.4) with ESMTP id TAA18662 for ; Wed, 10 May 1995 19:15:56 +0200
Received: from sidhe.hsc-sec.fr (roberto@sidhe.hsc-sec.fr [192.70.106.44]) by itesec.hsc-sec.fr (8.6.12/sun-1.2) with ESMTP id TAA21070 for ; Wed, 10 May 1995 19:16:09 +0200
Received: (from roberto@localhost) by sidhe.hsc-sec.fr (8.6.12/sidhe-1.2) id TAA10139 for freebsd-hackers@FreeBSD.ORG; Wed, 10 May 1995 19:15:57 +0200
From: Ollivier Robert
Message-Id: <199505101715.TAA10139@sidhe.hsc-sec.fr>
Subject: IP Firewall s/w for SunOS 4.1.x
To: freebsd-hackers@FreeBSD.org (FreeBSD Hackers' list)
Date: Wed, 10 May 1995 19:15:56 +0200 (MET DST)
Reply-To: roberto@hsc.fr.net (Ollivier Robert)
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Content-Length: 1073
Sender: hackers-owner@FreeBSD.org
Precedence: bulk

FYI.

------- start of forwarded message -------
Newsgroups: comp.security.unix,comp.sys.sun.admin,comp.sys.sun.apps,comp.unix.bsd.netbsd.misc
From: darrenr@arbld.unimelb.edu.au (Darren Reed)
Subject: IP Firewall s/w for SunOS 4.1.x
Organization: Computer Science, University of Melbourne, Australia
Date: Wed, 10 May 1995 15:29:44 GMT

I've just finished work on version 2.6 of my IP filter and I'm almost 100%
happy with fragment handling - although it hasn't really changed since 2.5.
For more details, see:

http://cheops.anu.edu.au/~avalon/ip-filter.html
ftp://coombs.anu.edu.au/pub/net/kernel/ip_fil2.6.tar.gz

...the % that isn't happy with fragment handling is that depending on the
reassembly implementation, it may or may not be safe to filter on
"established" (or any other) bits in the TCP header, regardless of whether
they are present or not.

Cheers,
Darren
------- end of forwarded message -------

--
Ollivier ROBERT -=-=- Herve Schauer Consultants -=-=- roberto@hsc.fr.net
-=-=-=-=-=- Support The Free UNIX Systems ! FreeBSD Linux NetBSD -=-=-=-=-=-
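
The fragment caveat in the forwarded message, as an added example (not code from IP Filter or from either poster): a filter can trust the TCP flags only when the full TCP header is in the first fragment and no later fragment can overlap it. The code applies the two checks later published in RFC 1858; the function names and the meaning given to "established" are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

enum verdict { DROP = 0, PASS = 1 };
#define TH_RST 0x04
#define TH_ACK 0x10

/* Rule modelled: "pass TCP only if established", taken here to mean ACK or
 * RST set (an assumption; the post does not define the term). */
enum verdict filter_established(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || total < ihl || total > len) return DROP;
    if (pkt[9] != 6) return DROP;            /* sample policy: TCP only */

    uint16_t off = (uint16_t)(((pkt[6] << 8) | pkt[7]) & 0x1fff); /* 8-byte units */
    size_t tlen = total - ihl;               /* transport bytes in this datagram */

    if (off == 0) {
        /* First (or only) fragment: the flags byte sits at TCP offset 13.
         * Refuse to decide on a header we cannot see in full. */
        if (tlen < 20) return DROP;
        return (pkt[ihl + 13] & (TH_ACK | TH_RST)) ? PASS : DROP;
    }
    /* Offset 1 starts at TCP byte 8, so on reassembly it could replace
     * the flags the filter approved in the first fragment. */
    if (off == 1) return DROP;
    return PASS;  /* later fragments carry no header; useless without the first */
}

/* Constructed sample input: minimal IPv4 header plus tcp_len bytes of TCP,
 * run through the filter. frag_field is the raw flags+offset word. */
enum verdict verdict_for(uint16_t frag_field, size_t tcp_len, uint8_t flags)
{
    uint8_t buf[64] = {0};
    size_t total = 20 + tcp_len;
    if (total > sizeof buf) return DROP;
    buf[0] = 0x45; buf[3] = (uint8_t)total; buf[9] = 6;
    buf[6] = (uint8_t)(frag_field >> 8); buf[7] = (uint8_t)frag_field;
    if (tcp_len > 13) buf[20 + 13] = flags;
    return filter_established(buf, total);
}
```

Whether the overlap case matters in practice depends on which copy of the overlapping bytes the destination's reassembly code keeps, which is the implementation dependence the message refers to.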