On Fri, Dec 08, 2000 at 12:03:12AM -0500, Alwyn Goodloe wrote:
> i) look at an ip packet header. If some conditions are met let the packet pass
> otherwise reject the packet.
>
> ii) Look at ip packet headers of established connections and when certain
> conditions are met tear down the connection.
I presume you mean TCP in the second case, IP doesn't have a notion
of an established connection by itself.
> Obviously this isn't the kind of thing we will be using the usual
> firewall software, at least not as I understand the software. What I
> want to know from you FreeBSD hackers is:
This sounds exactly like what regular packet filtering software
like ipfw or ipf do (both have man pages). Another possibility would
be to use netgraph and the ng_bpf device, which can do any filtering
that the Berkeley Packet Filter can do.
David.
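
The two cases from the question as a header-only classifier; this is an added example, not part of the original message and not code from ipfw, ipf or ng_bpf. The verdict names, the port policy and the sample packets are constructed for illustration, and "established" is inferred from the TCP ACK/RST flags, the same test ipfw(8) documents for its `established` keyword.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { PASS, REJECT, TEARDOWN };      /* hypothetical names */
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Constructed policy: tear down established TCP to port 23, pass other
 * TCP to port 80, reject everything else. */
enum verdict classify(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return REJECT;                        /* truncated or not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4; /* IP header length in bytes */
    if (ihl < 20 || len < ihl + 20 || pkt[9] != 6)
        return REJECT;                        /* bad IHL, short, or not TCP */
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0)
        return REJECT;                        /* later fragment: no TCP header */
    const uint8_t *tcp = pkt + ihl;
    uint16_t dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
    /* IP itself carries no connection state; without state tracking,
     * "established" is inferred from the TCP flags (ACK or RST set). */
    int established = (tcp[13] & (TH_ACK | TH_RST)) != 0;
    if (dport == 23 && established)
        return TEARDOWN;
    return dport == 80 ? PASS : REJECT;
}

/* Fill p with a constructed 40-byte IPv4+TCP packet (checksums left zero). */
void build_packet(uint8_t p[40], uint16_t dport, uint8_t flags)
{
    memset(p, 0, 40);
    p[0] = 0x45; p[3] = 40; p[8] = 64; p[9] = 6;   /* v4, IHL 5, TTL, TCP */
    p[22] = (uint8_t)(dport >> 8); p[23] = (uint8_t)(dport & 0xff);
    p[32] = 0x50; p[33] = flags;                   /* data offset 5, flags */
}

int main(void)
{
    static const char *name[] = { "pass", "reject", "teardown" };
    uint8_t p[40];
    build_packet(p, 80, TH_SYN); printf("SYN to 80: %s\n", name[classify(p, 40)]);
    build_packet(p, 23, TH_ACK); printf("ACK to 23: %s\n", name[classify(p, 40)]);
    build_packet(p, 23, TH_SYN); printf("SYN to 23: %s\n", name[classify(p, 40)]);
    return 0;
}
```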