Re: Linux Packetfilters?
ipfwadm?
ipfwadm -F -p deny
ipfwadm -F -a d -S network-address/netmask -D network-address/netmask
ipfwadm -F -a a -S network-address/netmask -D 0.0.0.0/0.0.0.0
ipfwadm -F -a a -S 0.0.0.0/0.0.0.0 -D <your-network-address>/<your-netmask>
# Rule 1, set default policy to deny.
# Rule 2, drop packets from your net, to your net
# Rule 3, pass packets from your net, to the world
# Rule 4, pass packets from the world, to your net.
Remember that ipfwadm triggers on the FIRST rule that it finds that
matches the contents of the packet so if Rule 2 is satisfied, it should
not look further into the table and find Rule 3.
On Fri, 2 Oct 1998, Will Lowe wrote:
> We're sitting on a T1 at work which runs from our lab the rest of campus;
> we've got a dedicated machine running a packetfilter in DOS. Yes, Dos.
> Mostly if just makes sure that packets not intended for our domain don't
> enter, and packets from within our domain stay there unless they've got a
> reason to leave...
>
> Are there any equivalent, _very_stable_, packages for linux?
>
> Will
>
>
> --------------------------------------------------------------------------
> | harpo@udel.edu lowe@cis.udel.edu lowe@debian.org |
> | http://www.cis.udel.edu/~lowe/ |
> | PGP Public Key: http://www.cis.udel.edu/~lowe/index.html#pgpkey |
> --------------------------------------------------------------------------
> | You think you're so smart, but I've seen you naked |
> | and I'll prob'ly see you naked again ... |
> | --The Barenaked Ladies, "Blame It On Me" |
> --------------------------------------------------------------------------
>
>
> --
> Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
>
>
>
George Bonser
The Linux "We're never going out of business" sale at an FTP site near you!
Reply to: