Date:      Mon, 21 Aug 1995 00:23:08 -0400
From:      Coranth Gryphon <gryphon@healer.com>
To:        hackers@freebsd.org
Subject:   Screend
Message-ID:  <199508210423.AAA03247@healer.com>


According to dennis:
> screend sucks. Try something else.

Such as? I didn't like ipfw because it was convoluted to translate
the rules (at least the way I look at filtering), you could not simply
give it a config file, and it's easy to miss things in the rules.


Says "Raju M. Daryanani" <raju@rssd.hk.olivetti.com>:

> The problem I've got with it is that [SCREEND] doesn't allow you to screen
> out incoming TCP SYN packets.  That will force me to close out some ports
> on which I would like to allow outgoing connections.

Just block "reserved" from foreign hosts, and you're fine. Or if you have
an idea how to distinguish these packets easily, we can probably find a way
to patch the source to fix this.

> It also doesn't allow
> me to protect the machine it's running on, since it only works on packets
> that it is gating between networks.  As a result I've got to use ipfirewall 

I have patches ported that screen the local machine, as well as allowing
for screening only the PPP interface on the local machine.

-coranth

------------------------------------------+------------------------+
Coranth Gryphon <gryphon@healer.com>      |  "Faith Manages."      |
                                          |        - Satai Delenn  |
Phone: 603-598-3440   Fax: 603-598-3430   +------------------------+
USMail: 11 Carver St, Nashua, NH  03060
Disclaimer: All these words are yours, except Europa... 



