Return to BSD News archive
Xref: sserve comp.security.unix:12756 comp.sys.sun.admin:46736 comp.sys.sun.apps:10238 comp.unix.bsd.netbsd.misc:289 Newsgroups: comp.security.unix,comp.sys.sun.admin,comp.sys.sun.apps,comp.unix.bsd.netbsd.misc Path: sserve!newshost.anu.edu.au!munnari.oz.au!cs.mu.OZ.AU!darrenr From: darrenr@arbld.unimelb.edu.au (Darren Reed) Subject: IP Firewall s/w for SunOS 4.1.x Message-ID: <darrenr.800119784@ledoux> Sender: news@cs.mu.OZ.AU (CS-Usenet) Organization: Computer Science, University of Melbourne, Australia X-Newsreader: NN version 6.5.0 #13 Date: Wed, 10 May 1995 15:29:44 GMT Lines: 17 I've just finished work on version 2.6 of my IP filter and I'm almost 100% happy with fragment handling - although it hasn't really changed since 2.5. For more details, see: http://cheops.anu.edu.au/~avalon/ip-filter.html ftp://coombs.anu.edu.au/pub/net/kernel/ip_fil2.6.tar.gz ...the % that isn't happy with fragment handling is that depending on the reassembly implementation, it may or may not be safe to filter on "established" (or any other) bits in the TCP header, regardless of whether they are present or not. Cheers, Darren