Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 21 Sep 1995 11:13:01 -0700
From:      Paul Traina <pst@cisco.com>
To:        avalon@cheops.anu.edu.au, security@freebsd.org
Subject:   IP Filter version 2.8
Message-ID:  <199509211813.LAA12006@puli.cisco.com>
In-Reply-To: roberto@keltia.freenix.fr's message of 19 Sep 1995 15:55:07 PST

next in thread | raw e-mail | index | archive | help
Should we be incorporating Darren's new code into FreeBSD?  It makes
more sense to do that than to continue with Ugen's work on top of
the old code.

However, I know that Darren has license issues that need to be resolved.
Is there some way we can get this good code into the base distribution of
FreeBSD in a fashion that will be acceptable to both him and us?

Paul

   Path: cronkite.cisco.com!newsgate.cisco.com
   From: roberto@keltia.freenix.fr (Ollivier Robert)
   Newsgroups: cisco.external.bsd.free.hackers
   Date: 19 Sep 1995 15:55:07 PST
   Sender: owner-hackers@FreeBSD.ORG
   Organization: Internet-USENET Gateway at cisco Systems
   MIME-Version: 1.0
   Content-Type: text/plain; charset=ISO-8859-1
   Content-Transfer-Encoding: 7bit
   Lines: 70


   ------- start of forwarded message -------
   From: avalon@cheops.anu.edu.au (Darren Reed)
   Newsgroups: comp.sys.sun.admin,comp.security.unix,alt.security
   Subject: IP Filter version 2.8
   Date: 16 Sep 1995 02:05:02 +1000
   Organization: Coombs Computing Unit, ANU


   Announcing IP Filter version 2.8

   What is IP Filter ?

   Quick answer:  a free packet filter which can be incorporated into any of
   the supported operating systems, providing IP packet level filtering per
   interface.

   What's that mean to me ?

   It means you can build it into your network servers which have more than
   a single ethernet interface to protect your servers and internal networks
   from IP spoofing and other attacks which defeat service level access control
   methods.

   Also, if you're confident enough, you can use this package to help build
   your own firewall.  I'd recommend using the TIS Firewall Toolkit in
   conjunction with this package if you think you're capable of this.

   For more information, details and examples of filter rules, see:

   http://coombs.anu.edu.au/~avalon/ip-filter.html

   New to this release:

   * Solaris 2.4 (on ethernet interfaces ONLY) is now supported except for the
     return-rst and return-icmp options; 

   * Can now (optionally) log the first 128 bytes of a packet (if present),
     including the packet header; 

   * ipmon can now generate log entries with names in place of numerical
     hostname and port data by using the -N command line option;

   * ipmon can now optionally log output through syslog using the new -s command
     line option;

   * IPSO Basic Security Options filtering; 

   * In-kernel filtering can be turned on/off; 

   * Regression testing to check the correctness of the filter; 

   * IP test program (ipsend) is now included with the package to allow the
     administrator to send arbitary IP packets, or replay packet sequences
     at the filter - runs on Linux, *BSD, Solaris2 and SunOS 4.1.x;

   * Compacts IP header into a directly filterable form;

   * Three-way filtering results, allowing packets which don't match any rule
     to be counted and subjected to a general policy of denial or permission;

   * Perl script suggesting rules (and other changes needed) that you'll need
     to protect yourself from IP spoofing.

   darren
   ------- end of forwarded message -------

   -- 
   Ollivier ROBERT    -=- The daemon is FREE! -=-    roberto@keltia.frmug.fr.net
    FreeBSD keltia.Freenix.FR 2.2-CURRENT #1: Sun Sep 10 18:50:19 MET DST 1995



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199509211813.LAA12006>