[olug] ipf
Chris Garrity
m0ntar3 at home.com
Tue Oct 23 03:48:32 UTC 2001
I've not used iptables really, just ipf. Ipf uses a single rule-set
per invocation, does port redirection in a heart-beat, does *stateful*
filtering, and allows for all sorts of logging --- log all, log first. Also
does "return-rst" really nice --- all those cox scans get logged, and
then I put:
block return-rst in log quick on dc0 proto tcp from 24.0.0.203/24 to any
Which shows the port is closed, and not just filtered. I also do:
pass in log first quick on dc0 proto tcp from any to any port = 80 keep state
Which logs the first connect to my webserver, and then keeps state on
the connect --- for performance.
And:
block return-icmp(port-unr) in log quick on dc0 proto udp from any to any port = 53
Which is like return-rst for tcp, but for udp.
And lastly:
pass in quick on dc0 proto icmp from any to any icmp-type 11
http://www.obfuscation.org/ipf/
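As an added example (not part of the original post), here is how the individual rules above fit into one complete, default-deny ipf.conf; it assumes dc0 is the external interface, uses 24.0.0.0/24 as a stand-in for the scanner range, and adds anti-spoofing and outbound state rules the post does not show.

```ipf
# Added example, not the poster's own config. Assumptions: dc0 is the
# external interface; 24.0.0.0/24 stands in for the noisy scanner range.
# ipf evaluates top to bottom; "quick" stops at the first match, otherwise
# the LAST matching rule wins, so every rule here is quick except the final
# catch-all block.

# Anti-spoofing: packets on the outside interface must not claim a
# loopback or RFC 1918 source.
block in log quick on dc0 from 127.0.0.0/8 to any
block in log quick on dc0 from 10.0.0.0/8 to any
block in log quick on dc0 from 172.16.0.0/12 to any
block in log quick on dc0 from 192.168.0.0/16 to any

# Scanner range: answer TCP with a RST so ports look closed rather than
# filtered, and log every hit.
block return-rst in log quick on dc0 proto tcp from 24.0.0.0/24 to any

# Public web server: only the opening SYN is evaluated and logged; the
# state table passes the rest of the connection without re-checking rules.
pass in log first quick on dc0 proto tcp from any to any port = 80 flags S keep state

# No public resolver here: UDP 53 gets ICMP port-unreachable, the UDP
# analogue of return-rst.
block return-icmp(port-unr) in log quick on dc0 proto udp from any to any port = 53

# Accept ICMP time-exceeded (type 11) so outbound traceroute still works.
pass in quick on dc0 proto icmp from any to any icmp-type 11

# Traffic we originate goes out, and its state entry lets the replies in.
pass out quick on dc0 proto tcp from any to any flags S keep state
pass out quick on dc0 proto udp from any to any keep state
pass out quick on dc0 proto icmp from any to any keep state

# Default deny for anything no quick rule claimed, logged for review.
block in log all
block out log all
```

Load it with `ipf -Fa -f /etc/ipf.conf` and watch `ipmon` to confirm the blocked and first-packet log entries appear as expected.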
(c)2001 OLUG http://www.olug.org