*BSD News Article 43863


Return to BSD News archive

Xref: sserve comp.security.unix:12756 comp.sys.sun.admin:46736 comp.sys.sun.apps:10238 comp.unix.bsd.netbsd.misc:289
Newsgroups: comp.security.unix,comp.sys.sun.admin,comp.sys.sun.apps,comp.unix.bsd.netbsd.misc
Path: sserve!newshost.anu.edu.au!munnari.oz.au!cs.mu.OZ.AU!darrenr
From: darrenr@arbld.unimelb.edu.au (Darren Reed)
Subject: IP Firewall s/w for SunOS 4.1.x
Message-ID: <darrenr.800119784@ledoux>
Sender: news@cs.mu.OZ.AU (CS-Usenet)
Organization: Computer Science, University of Melbourne, Australia
X-Newsreader: NN version 6.5.0 #13
Date: Wed, 10 May 1995 15:29:44 GMT
Lines: 17


I've just finished work on version 2.6 of my IP filter and I'm almost
100% happy with fragment handling - although it hasn't really changed
since 2.5.

For more details, see:

http://cheops.anu.edu.au/~avalon/ip-filter.html
ftp://coombs.anu.edu.au/pub/net/kernel/ip_fil2.6.tar.gz

...the % that isn't happy with fragment handling is that depending on
the reassembly implementation, it may or may not be safe to filter on
"established" (or any other) bits in the TCP header, regardless of
whether they are present or not.

Cheers,
Darren