Path: sserve!newshost.anu.edu.au!munnari.oz.au!sgiblab!sgigate.sgi.com!olivea!charnel!yeshua.marcam.com!news.kei.com!eff!usenet.ins.cwru.edu!agate!agate!glass
From: glass@postgres.Berkeley.EDU (Adam Glass)
Newsgroups: comp.os.386bsd.misc
Subject: Re: NetBSD on cheap boxes
Date: 14 Jan 94 17:04:32
Organization: Organization is evil.
Lines: 27
Message-ID: <GLASS.94Jan14170432@sun-lamp.postgres.Berkeley.EDU>
References: <2h2u3kINN6o3@ymir.cs.umass.edu> <2h63s8$4s2@smurf.noris.de>
NNTP-Posting-Host: sun-lamp.cs.berkeley.edu
In-reply-to: urlichs@smurf.noris.de's message of 14 Jan 1994 13:40:40 +0100

(Matthias Urlichs) writes:
> In comp.os.386bsd.misc, article <2h2u3kINN6o3@ymir.cs.umass.edu>, doyle@cs.umass.edu writes:
> > Hehe.. I bought a cheap 386sx box to run NetBSD solely as a router.
>
> Speaking of which... are there kernel patches to selectively block packets?
> For example, don't forward TELNET to this site, block IRC for that network,
> only allow SMTP to the other machine.
>
> I assume a rather quick hack to ip_forward should work; fragmented IP
> packets might be a problem, except that the first TCP or UDP packet on any
> given connection almost never is fragmented.

Diffs for this kind of IP-only filtering were posted by someone to the
bsdi-users list. They should apply with little incident to any of the
net2-derived *BSDs. I believe archives of this list are publicly accessible.

A better solution, though, would be a packet filterer based on BPF. The BPF
"language" is pretty powerful, can express more powerful filters, and is not
IP-only. I think this solution would be worth the additional implementation
complexity.

later,
Adam Glass
--
Adam Glass |E-mail home: glass@sun-lamp.cs.berkeley.edu |Physical : Seattle
"reality is for dead birds"
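To make the two points in the thread concrete (that a BPF program can express a rule such as "TCP to port 23", and that a rule keyed on transport ports can only see the first fragment of a datagram), here is an added example that is not part of the post and not NetBSD or BSDI code. It is a minimal interpreter for the classic BPF instruction set, loaded with the program tcpdump emits for `ip and tcp and dst port 23` on an Ethernet link, and run over frames constructed inline. The opcode constants are the classic BPF encodings written out by hand so the file builds without `<net/bpf.h>`; the frame layout is a bare Ethernet/IPv4 header followed by the two port fields, which is all the filter reads.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classic BPF instruction: opcode, true/false jump offsets, immediate. */
struct bpf_insn { uint16_t code; uint8_t jt; uint8_t jf; uint32_t k; };

/* Classic BPF opcode encodings used by the program below. */
#define LDH_ABS 0x28 /* A = 16-bit big-endian word at pkt[k]            */
#define LDB_ABS 0x30 /* A = pkt[k]                                      */
#define LDH_IND 0x48 /* A = 16-bit big-endian word at pkt[X + k]        */
#define LDX_MSH 0xb1 /* X = 4 * (pkt[k] & 0x0f), i.e. the IP header len */
#define JEQ_K   0x15 /* pc += (A == k) ? jt : jf                        */
#define JSET_K  0x45 /* pc += (A & k) ? jt : jf                         */
#define RET_K   0x06 /* return k: bytes to accept, 0 means reject       */

/* "tcpdump -dd 'ip and tcp and dst port 23'" for an Ethernet link. */
static const struct bpf_insn telnet_filter[] = {
    { LDH_ABS, 0, 0, 12     }, /* ethertype                           */
    { JEQ_K,   0, 8, 0x0800 }, /* not IPv4 -> reject                  */
    { LDB_ABS, 0, 0, 23     }, /* IP protocol                         */
    { JEQ_K,   0, 6, 6      }, /* not TCP -> reject                   */
    { LDH_ABS, 0, 0, 20     }, /* IP flags + fragment offset          */
    { JSET_K,  4, 0, 0x1fff }, /* non-first fragment: no ports -> reject */
    { LDX_MSH, 0, 0, 14     }, /* X = IP header length                */
    { LDH_IND, 0, 0, 16     }, /* TCP dst port at 14 + X + 2          */
    { JEQ_K,   0, 1, 23     },
    { RET_K,   0, 0, 65535  }, /* match                               */
    { RET_K,   0, 0, 0      }, /* no match                            */
};

/* Run a classic BPF program over one packet. Any load that reaches past
 * the end of the packet rejects it, as the kernel's filter does. */
uint32_t bpf_run(const struct bpf_insn *prog, size_t n,
                 const uint8_t *pkt, size_t len)
{
    uint32_t A = 0, X = 0;
    size_t pc = 0;
    while (pc < n) {
        const struct bpf_insn *in = &prog[pc++];
        size_t off;
        switch (in->code) {
        case LDH_ABS:
            if ((size_t)in->k + 2 > len) return 0;
            A = (uint32_t)pkt[in->k] << 8 | pkt[in->k + 1];
            break;
        case LDB_ABS:
            if ((size_t)in->k + 1 > len) return 0;
            A = pkt[in->k];
            break;
        case LDH_IND:
            off = (size_t)X + in->k;
            if (off + 2 > len) return 0;
            A = (uint32_t)pkt[off] << 8 | pkt[off + 1];
            break;
        case LDX_MSH:
            if ((size_t)in->k + 1 > len) return 0;
            X = 4u * (pkt[in->k] & 0x0f);
            break;
        case JEQ_K:  pc += (A == in->k) ? in->jt : in->jf; break;
        case JSET_K: pc += (A & in->k)  ? in->jt : in->jf; break;
        case RET_K:  return in->k;
        default:     return 0; /* opcode not handled by this mini VM */
        }
    }
    return 0;
}

/* Constructed frame: Ethernet header, 20-byte IPv4 header, then the
 * source/destination port words of the transport header (38 bytes). */
size_t build_frame(uint8_t *buf, uint16_t ethertype, uint8_t proto,
                   uint16_t frag_field, uint16_t dport)
{
    memset(buf, 0, 38);
    buf[12] = (uint8_t)(ethertype >> 8); buf[13] = (uint8_t)ethertype;
    buf[14] = 0x45;                                 /* IPv4, IHL = 5 */
    buf[20] = (uint8_t)(frag_field >> 8); buf[21] = (uint8_t)frag_field;
    buf[23] = proto;
    buf[34] = 0x04; buf[35] = 0xd2;                 /* src port 1234 */
    buf[36] = (uint8_t)(dport >> 8); buf[37] = (uint8_t)dport;
    return 38;
}

/* Classify one constructed frame with the telnet filter. */
uint32_t classify(uint16_t ethertype, uint8_t proto,
                  uint16_t frag_field, uint16_t dport)
{
    uint8_t frame[64];
    size_t len = build_frame(frame, ethertype, proto, frag_field, dport);
    return bpf_run(telnet_filter,
                   sizeof telnet_filter / sizeof telnet_filter[0], frame, len);
}

/* Same frame, but handed to the filter with only 30 bytes captured. */
uint32_t classify_truncated(void)
{
    uint8_t frame[64];
    build_frame(frame, 0x0800, 6, 0, 23);
    return bpf_run(telnet_filter,
                   sizeof telnet_filter / sizeof telnet_filter[0], frame, 30);
}

int main(void)
{
    printf("tcp dst 23:       %u\n", classify(0x0800, 6,  0x0000, 23)); /* 65535 */
    printf("tcp dst 25:       %u\n", classify(0x0800, 6,  0x0000, 25)); /* 0 */
    printf("udp dst 23:       %u\n", classify(0x0800, 17, 0x0000, 23)); /* 0 */
    printf("tcp 2nd fragment: %u\n", classify(0x0800, 6,  0x0010, 23)); /* 0 */
    printf("arp frame:        %u\n", classify(0x0806, 6,  0x0000, 23)); /* 0 */
    printf("truncated:        %u\n", classify_truncated());             /* 0 */
    return 0;
}
```

The `JSET 0x1fff` step is where the thread's fragmentation remark shows up: a non-first fragment carries no TCP header, so the program cannot test the port and reports "no match". For a monitoring filter that is the right answer; for a forwarding filter meant to block a service it means later fragments of a blocked datagram would not be recognised by the port rule alone, so such a filter also needs a policy for non-first fragments (drop them, or reassemble before filtering) rather than relying on the observation that first packets are rarely fragmented.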