From owner-freebsd-hackers Sun Aug 20 20:58:34 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.FreeBSD.org (8.6.11/8.6.6) id UAA11464 for hackers-outgoing; Sun, 20 Aug 1995 20:58:34 -0700
Received: from rover.village.org (rover.village.org [198.137.146.49]) by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id UAA11456 for ; Sun, 20 Aug 1995 20:58:31 -0700
Received: from localhost (localhost [127.0.0.1]) by rover.village.org (8.6.11/8.6.6) with SMTP id VAA02029; Sun, 20 Aug 1995 21:55:43 -0600
Message-Id: <199508210355.VAA02029@rover.village.org>
To: "Raju M. Daryanani"
Subject: Re: Internet In A Box
Cc: dennis@et.htp.com (dennis), gryphon@healer.com, hackers@FreeBSD.ORG
In-reply-to: Your message of Mon, 21 Aug 1995 10:35:39 +0800
Date: Sun, 20 Aug 1995 21:55:42 -0600
From: Warner Losh
Sender: hackers-owner@FreeBSD.ORG
Precedence: bulk

: If there's something better that allows more control I'd like to know about
: it.

We currently use ipfilt. We're quite happy with it. It is basically a replacement for ip_output. We run it on a FreeBSD 1.1.5.1R box that is on a 386DX40. It is one of the two packages that we're aware of that will filter the famous "IP-Fragment-Spoof" problem (where you send an acceptable IP fragment through, then set the offset to be 1 and overwrite the acceptable bits with naught bits). The other is very recent versions of Cisco routers.

It does no sorting and has been verified as secure by testing by one of the more paranoid villagers (Dworkin Muller). He looked at screend and ipfirewall that came with FreeBSD and quickly moved on to better ground.

Warner

P.S. There is a company called "Spry" that sells a product called Internet In A Box for the PCs running Windows.
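The filter-side check for the fragment problem described in the post, as an added example that is not part of the original message and is not ipfilt's code: a stateless per-packet test in the style of RFC 1858 that drops TCP fragments at offset 1, and, going slightly beyond the post, first fragments too short to contain the TCP flags. The names `frag_check` and `make_pkt` and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { PASS = 0, DROP = 1 };
#define PROTO_TCP 6
#define TCP_MIN_FIRST 16   /* octets needed to reach the TCP flags */

/* Decide on one raw IPv4 packet using only its own header fields. */
enum verdict frag_check(const uint8_t *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4) return DROP;   /* not IPv4 */
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    size_t total = ((size_t)p[2] << 8) | p[3];
    if (ihl < 20 || total < ihl || total > len) return DROP;
    unsigned off = (((unsigned)p[6] << 8) | p[7]) & 0x1fff; /* 8-octet units */
    if (p[9] != PROTO_TCP) return PASS;
    if (off == 1) return DROP;   /* data would land on TCP header octet 8 on */
    if (off == 0 && total - ihl < TCP_MIN_FIRST) return DROP; /* tiny first */
    return PASS;
}

/* Constructed sample: 20-octet IPv4 header plus zeroed payload, kept in
 * memory only (no checksum is set and frag_check does not verify one). */
size_t make_pkt(uint8_t *b, uint8_t proto, unsigned off, int mf, size_t payload)
{
    size_t total = 20 + payload;
    memset(b, 0, total);
    b[0] = 0x45;                                   /* version 4, IHL 5 */
    b[2] = (uint8_t)(total >> 8); b[3] = (uint8_t)total;
    b[6] = (uint8_t)((mf ? 0x20 : 0) | (off >> 8)); b[7] = (uint8_t)off;
    b[8] = 64; b[9] = proto;                       /* TTL, protocol */
    return total;
}

int main(void)
{
    uint8_t b[128];
    size_t n = make_pkt(b, PROTO_TCP, 0, 1, 24);
    printf("first fragment, 24 octets of TCP: %d\n", frag_check(b, n));
    n = make_pkt(b, PROTO_TCP, 1, 0, 16);
    printf("fragment at offset 1:             %d\n", frag_check(b, n));
    n = make_pkt(b, PROTO_TCP, 0, 1, 8);
    printf("tiny first fragment:              %d\n", frag_check(b, n));
    return 0;
}
```

Because the test needs no reassembly state, it can run on every packet before the rule set is consulted.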