From: Erik Nørgaard
Organization: Locolomo.ORG
Date: Thu, 09 Feb 2006 23:05:57 +0100
To: current@FreeBSD.org
Subject: Feature request for IPFW
Message-ID: <43EBBCC5.60406@locolomo.org>
List-Id: Discussions about the use of FreeBSD-current

Hi:

First, I don't use IPFW myself, so please accept my apologies if these features are present in IPFW - in that case it might be a good idea to highlight this.

New legislation is under way in the EU regarding retention of traffic data (see link at bottom). The official purpose is to fight terrorism and organised crime. I shall not go into the polemics or lobbying for or against.

Of course, such directives do not set legal requirements on FreeBSD as such, but businesses need technical solutions to comply with this directive.
Hence, this directive may guide the choice of the technical solution, and this is why it is relevant to FreeBSD: to ensure that FreeBSD will be an option. This said, I think that these features could also be quite useful for businesses in order to investigate incidents.

Who: The data retention directive requires "providers of publicly available electronic communications services or of a public communications network" to log and store traffic data. This is pretty broad; while exclusions may be adopted, this includes anything from public libraries to large ISPs to log and store traffic data.

What: Traffic data is defined as all data needed to identify the source and destination of a communication and duration. If traffic is routed through a proxy or NAT'ed, this includes any "translation" data. The details are specified in the annex of the referred document, and include the MAC address of the node(s).

The technical solution: For Internet communication the following must be logged: source IP, port and MAC; destination IP and port; identity translation (NAT) data; time of initiation; duration or time of termination.

The gateway has access to all this information; with the exception of the NAT data and duration, all is supported, but: the nice solution would be to enable logging when entries are made or deleted from the NAT table. This will include all the required information with the possible exception of the MAC address.

So to sum up: My request is to support logging of changes to the NAT table.

When: The directive is still a proposal, and once accepted, member states are usually given two years to implement it into national law.

Why hurry:

1) It will be quite nice to be able to advertise FreeBSD to support the directive by the time it takes effect.

2) Some countries are ahead of time and have adopted similar legislation, although the state is not clear as the enforcement may have been delayed to wait for the common rules.

The proposal as is (now) can be found here:

http://europa.eu.int/information_society/policy/ecomm/doc/info_centre/communic_reports/data_retention/retention_proposal_en_com_2005_0438.pdf

Best regards, Erik

--
Ph: +34.666334818
web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2