Date: Fri, 8 Dec 2000 14:10:54 +0200 (SAST) From: Lists Account <lists@security.za.net> To: Alwyn Goodloe <agoodloe@gradient.cis.upenn.edu> Cc: freebsd-hackers@FreeBSD.org Subject: Re: Packet Header Filtering Message-ID: <Pine.BSF.4.21.0012081410050.89544-100000@security.za.net> In-Reply-To: <Pine.SOL.4.21.0012080002140.29544-100000@gradient.cis.upenn.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Look at IPF/IPFW they both have state table stuff in them, and analyzing the ip header is done by both as well. I would suggest you hack ipf to do what you want if it doesnt do it already. Cheers Andrew On Fri, 8 Dec 2000, Alwyn Goodloe wrote: > We are about to begin a little project that has the following requiremnet. > > Perform IP packet filtering in the following way : > > > i) look at an ip packet header. If some conditions are met let the packet pass > otherwise reject the packet. > > > ii) Look at ip packet headers of established connections and when certain > conditions are met tear down the connection. > > > Obviously this isn't the kind of thing we will be using the usual > firewall software, at least not as I understand the software. What I > want to know from you FreeBSD hackers is: > > i) if anyone has done something similar do you have any advice. > ii) Anyone know where I should start hacking. Would it be best to try to > hack the firewall code or the ipforwarding code.... > > Any such advise would be helpful. > > > Alwyn Goodloe > agoodloe@gradient.cis.upenn.edu > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0012081410050.89544-100000>