From: Terry Lambert
Message-Id: <199803010139.SAA02325@usr04.primenet.com>
Subject: Patches in support of security
To: current@FreeBSD.ORG
Date: Sun, 1 Mar 1998 01:39:15 +0000 (GMT)

Here is a set of patches that implement Juniper-like trusted and untrusted interfaces (the default is untrusted). They incidentally bump the interface flags from 16 to 32 bits (yea!):

http://www.freebsd.org/~terry/DIFF.TRUST.txt
http://www.freebsd.org/~terry/DIFF.TRUST
http://www.freebsd.org/~terry/DIFF.ifconfig

=======================================================================

The Juniper firewall code supports the idea of trusted interfaces.

These patches add the ifconfig flags "trusted" and "-trusted" in support of a "poor man's Juniper firewall".

An interface may be marked trusted by root. The default is untrusted.

When an interface is marked "trusted", TCP sockets may be queried to determine if they will route over trusted or untrusted interfaces.

Note: this code does not take into account the possibility of asymmetric routes!

The basic idea is that a daemon can determine if a connection is made via a trusted or untrusted interface, and respond accordingly.

A potential use of this code is SMTP relay. If a connection is made via a trusted interface, you could allow SMTP relay, and if made via an untrusted interface, deny it.

There are a lot of other possibilities, including allowing/denying VPN startup, etc., etc.

For a firewall, the interior net would be trusted and the exterior would be untrusted. This would mean (in the relay example) that trusted hosts would be permitted to relay mail through the SMTP server, and untrusted hosts would not.

A server tests for "trustworthiness" of an interface by:

	#include <sys/types.h>
	#include <sys/socket.h>
	#include <netinet/in.h>
	#include <netinet/tcp.h>

	int trusted;
	int trustedlen = sizeof(trusted);
	...
	/* getsockopt() returns 0 on success; on failure, assume untrusted */
	if( getsockopt( s, IPPROTO_TCP, TCP_TRUSTED, &trusted, &trustedlen) != 0)
		trusted = 0;
	...
	if( trusted) {
		...
	} else {
		...
	}

Note: this applies only to TCP sockets!

Readers may engage in future work:

(1) set the flag in the socket at connect time rather than using the route (support for asymmetric routes).

(2) Allow UDP socket route queries (i.e.: "if I were to send a packet via this socket, where would it go?").

EOF
=======================================================================
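
Added example (not part of the original message or of the patch set): a fail-closed wrapper around the TCP_TRUSTED query described above, applied to the SMTP relay decision. The TCP_TRUSTED value is a constructed placeholder so the file builds on an unpatched system, and socket_is_trusted(), smtp_relay_policy() and rcpt_is_local are hypothetical names.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>

/* TCP_TRUSTED is introduced by the patch set; the value here is a constructed
 * placeholder so the example builds on a system without the patch. */
#ifndef TCP_TRUSTED
#define TCP_TRUSTED 0x7fff
#endif

enum relay_policy { RELAY_DENY = 0, RELAY_ALLOW = 1 };

/* Hypothetical helper: 1 only when the kernel positively reports "trusted".
 * Any error (unpatched kernel, bad descriptor, non-TCP socket) and any
 * result of unexpected size is treated as untrusted (fail closed). */
int socket_is_trusted(int s)
{
    int trusted = 0;
    socklen_t len = sizeof(trusted);

    if (getsockopt(s, IPPROTO_TCP, TCP_TRUSTED, &trusted, &len) != 0)
        return 0;
    if (len != sizeof(trusted))
        return 0;
    return trusted != 0;
}

/* Hypothetical policy: accepting mail for a local recipient is not relaying,
 * so it is always allowed; mail for a remote recipient is relayed only for
 * connections the kernel reports as routed over a trusted interface. */
enum relay_policy smtp_relay_policy(int s, int rcpt_is_local)
{
    if (rcpt_is_local)
        return RELAY_ALLOW;
    return socket_is_trusted(s) ? RELAY_ALLOW : RELAY_DENY;
}

int main(void)
{
    int s = socket(AF_INET, SOCK_STREAM, 0);   /* stand-in for an accepted connection */
    printf("remote recipient: %s\n",
           smtp_relay_policy(s, 0) == RELAY_ALLOW ? "relay allowed" : "relay denied");
    if (s >= 0)
        close(s);
    return 0;
}
```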