Date: Fri, 8 Dec 2000 11:31:40 +0000
From: David Malone <dwmalone@maths.tcd.ie>
To: Alwyn Goodloe <agoodloe@gradient.cis.upenn.edu>
Cc: freebsd-hackers@FreeBSD.org
Subject: Re: Packet Header Filtering
Message-ID: <20001208113140.A21021@lanczos.maths.tcd.ie>
In-Reply-To: <Pine.SOL.4.21.0012080002140.29544-100000@gradient.cis.upenn.edu>; from agoodloe@gradient.cis.upenn.edu on Fri, Dec 08, 2000 at 12:03:12AM -0500
References: <Pine.SOL.4.21.0012080002140.29544-100000@gradient.cis.upenn.edu>

On Fri, Dec 08, 2000 at 12:03:12AM -0500, Alwyn Goodloe wrote:
> i) look at an ip packet header. If some conditions are met let the packet pass
> otherwise reject the packet.
>
> ii) Look at ip packet headers of established connections and when certain
> conditions are met tear down the connection.

I presume you mean TCP in the second case, IP doesn't have a notion of an established connection by itself.

> Obviously this isn't the kind of thing we will be using the usual
> firewall software, at least not as I understand the software. What I
> want to know from you FreeBSD hackers is:

This sounds exactly like what regular packet filtering software like ipfw or ipf do (both have man pages). Another possibility would be to use netgraph and the ng_bpf device, which can do any filtering that the Berkeley Packet Filter can do.

David.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message