Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 20 Sep 1995 01:55:07 +0200 (MET DST)
From:      Ollivier Robert <roberto@keltia.Freenix.FR>
To:        freebsd-hackers@FreeBSD.ORG (FreeBSD Hackers' list)
Subject:   IP Filter version 2.8
Message-ID:  <199509192355.BAA18326@keltia.Freenix.FR>

next in thread | raw e-mail | index | archive | help

------- start of forwarded message -------
From: avalon@cheops.anu.edu.au (Darren Reed)
Newsgroups: comp.sys.sun.admin,comp.security.unix,alt.security
Subject: IP Filter version 2.8
Date: 16 Sep 1995 02:05:02 +1000
Organization: Coombs Computing Unit, ANU


Announcing IP Filter version 2.8

What is IP Filter ?

Quick answer:  a free packet filter which can be incorporated into any of
the supported operating systems, providing IP packet level filtering per
interface.

What's that mean to me ?

It means you can build it into your network servers which have more than
a single ethernet interface to protect your servers and internal networks
from IP spoofing and other attacks which defeat service level access control
methods.

Also, if you're confident enough, you can use this package to help build
your own firewall.  I'd recommend using the TIS Firewall Toolkit in
conjunction with this package if you think you're capable of this.

For more information, details and examples of filter rules, see:

http://coombs.anu.edu.au/~avalon/ip-filter.html

New to this release:

* Solaris 2.4 (on ethernet interfaces ONLY) is now supported except for the
  return-rst and return-icmp options; 

* Can now (optionally) log the first 128 bytes of a packet (if present),
  including the packet header; 

* ipmon can now generate log entries with names in place of numerical
  hostname and port data by using the -N command line option;

* ipmon can now optionally log output through syslog using the new -s command
  line option;

* IPSO Basic Security Options filtering; 

* In-kernel filtering can be turned on/off; 

* Regression testing to check the correctness of the filter; 

* IP test program (ipsend) is now included with the package to allow the
  administrator to send arbitary IP packets, or replay packet sequences
  at the filter - runs on Linux, *BSD, Solaris2 and SunOS 4.1.x;

* Compacts IP header into a directly filterable form;

* Three-way filtering results, allowing packets which don't match any rule
  to be counted and subjected to a general policy of denial or permission;

* Perl script suggesting rules (and other changes needed) that you'll need
  to protect yourself from IP spoofing.

darren
------- end of forwarded message -------

-- 
Ollivier ROBERT    -=- The daemon is FREE! -=-    roberto@keltia.frmug.fr.net
 FreeBSD keltia.Freenix.FR 2.2-CURRENT #1: Sun Sep 10 18:50:19 MET DST 1995



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199509192355.BAA18326>