Xref: sserve comp.sys.sun.admin:44595 comp.sys.sun.misc:17893 comp.security.unix:11291 comp.unix.bsd.freebsd.misc:72 comp.unix.bsd.netbsd.misc:18
Newsgroups: comp.sys.sun.admin,comp.sys.sun.misc,comp.security.unix,comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc
Path: sserve!newshost.anu.edu.au!harbinger.cc.monash.edu.au!bunyip.cc.uq.oz.au!munnari.oz.au!cs.mu.OZ.AU!darrenr
From: darrenr@arbld.unimelb.edu.au (Darren Reed)
Subject: Internet Packet Filter for SunOS 4.1.x/xBSD
Message-ID: <darrenr.795413282@ledoux>
Sender: news@cs.mu.OZ.AU (CS-Usenet)
Organization: Computer Science, University of Melbourne, Australia
X-Newsreader: NN version 6.5.0 #13
Date: Fri, 17 Mar 1995 04:08:02 GMT
Lines: 53

Internet Packet Filter for SunOS 4.1.x/NetBSD/FreeBSD
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like to announce the most recent results of my efforts in writing an IP
packet filter for Unix servers/workstations.

Why would you need it ?

* Allows you to protect your subnets against IP spoofing (the most recent
  `attack', as used by Kevin Mitnick) where you have Unix doing IP routing;

* Allows you to build a firewall using your existing SunOS/*BSD setup
  without needing to purchase expensive software/hardware.

Recent featurisms added include:

* optional returning of ICMP error packets for "blocked" packets (a per-rule
  option, allowing some rules to block packets silently and others with a
  returned ICMP packet);

* "short" TCP packets (which can be deficient in various TCP header details)
  can be filtered out - short UDP/ICMP packets are just dropped and logged as
  a matter of course - by default "short" packets are NOT checked against
  port values/TCP flags;

* fragmented IP packets can be selectively filtered;

* TCP/UDP packets can be grouped together for filtering on ports;

* ipftest (largely as yet undocumented :/) will read in either
  tcpdump/etherfind output (text) or snoop binary output (see recent RFC) and
  apply a ruleset against each IP packet found therein (good for testing your
  rules before you "commit" yourself);

* The "log reader", which reads the log "output device", has been updated to
  show which rule matched and the result (block/pass/log) of the filtering at
  the stage it was logged. Also, ICMP headers are now expanded out properly.

How do I get it to work ?

* Follow the instructions on installing the kernel patches, rebuild your
  kernel and use "modload" to load the packet filter. From there on, it is
  up to you and what you want to do with it.

Where can I get it to check out ?

coombs.anu.edu.au:/pub/net/kernel/ip_fil2.5.tar.Z
coombs.anu.edu.au:/pub/net/kernel/ip_fil2.5.tar.gz

Cheers,
Darren
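The filtering semantics the post lists (anti-spoofing on the outside interface, per-rule ICMP return versus silent block, "short" packets not being checked against ports, selective fragment matching) can be illustrated with a small rule engine. This is an added example written for this page, not IP Filter's own code or rule syntax; the interface names, the 10.1. inside network and the last-match-wins policy are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional
MIN_HDR = {"tcp": 20, "udp": 8, "icmp": 4}  # header bytes needed to read ports/flags

@dataclass
class Packet:
    iface: str               # interface the packet arrived on
    src: str                 # source IP address
    proto: str               # "tcp", "udp" or "icmp"
    hdr_len: int             # transport header bytes actually present
    dport: Optional[int] = None
    frag: bool = False       # non-first IP fragment: carries no transport header

@dataclass
class Rule:
    action: str                       # "pass" or "block"
    iface: Optional[str] = None
    src_prefix: Optional[str] = None  # e.g. "10.1." for the inside subnet
    proto: Optional[str] = None
    dports: frozenset = frozenset()   # group of destination ports; empty = any
    frags: bool = False               # also match non-first fragments
    return_icmp: bool = False         # per rule: answer blocked packets with ICMP
    log: bool = False

def is_short(pkt):
    return not pkt.frag and pkt.hdr_len < MIN_HDR[pkt.proto]

def matches(rule, pkt):
    if rule.iface and rule.iface != pkt.iface: return False
    if rule.src_prefix and not pkt.src.startswith(rule.src_prefix): return False
    if rule.proto and rule.proto != pkt.proto: return False
    if pkt.frag and not rule.frags: return False
    # Ports cannot be read from a short or fragmented packet, so a port rule never matches one.
    if rule.dports and (is_short(pkt) or pkt.frag or pkt.dport not in rule.dports):
        return False
    return True

def filter_packet(rules, pkt):
    """(verdict, rule_no, icmp_returned, logged); last match wins, no match = pass."""
    if is_short(pkt) and pkt.proto in ("udp", "icmp"):
        return ("block", None, False, True)  # short UDP/ICMP: dropped and logged outright
    verdict, rule_no, icmp, logged = "pass", None, False, False
    for i, r in enumerate(rules, 1):
        if matches(r, pkt):
            verdict, rule_no, icmp, logged = r.action, i, (r.action == "block" and r.return_icmp), r.log
    return (verdict, rule_no, icmp, logged)

# Constructed ruleset for outside interface le0; "10.1." is the inside network.
RULES = [
    Rule("pass", iface="le0", proto="tcp", dports=frozenset({25, 80})),
    Rule("block", iface="le0", proto="tcp", dports=frozenset({513, 514}), return_icmp=True),
    Rule("block", iface="le0", src_prefix="10.1.", frags=True, log=True),  # anti-spoofing
]
```

Note that a truncated TCP segment aimed at port 513 passes here because no port rule can be evaluated on it, which is exactly why the post offers a separate option to filter "short" packets outright.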