Date: Fri, 26 Sep 1997 08:45:42 +0200 (SAT)
From: Reinier Bezuidenhout <rbezuide@oskar.nanoteq.co.za>
To: Don.Lewis@tsc.tdk.com (Don Lewis)
Cc: nate@mt.sri.com, jacs@gnome.co.uk, security@FreeBSD.ORG
Subject: Re: rc.firewall weakness?
Message-ID: <199709260645.IAA15067@oskar.nanoteq.co.za>
In-Reply-To: <199709260009.RAA19119@salsa.gv.tsc.tdk.com> from Don Lewis at "Sep 25, 97 05:09:07 pm"
Oops ... Sorry guys .. looks like I was a bit late with the dynamic packet filtering :)... I didn't see that you already did mention it.

What we have for our firewalling system is a daemon that manages the packet filtering rules. Rules are grouped together, e.g. you could get a block reading 2000 to 3000 reserved for ftp connections. Then a program, e.g. ftpd, can only add rules in that block and nowhere else. Rules are then added via a daemon that keeps track of all the rules. User level applications then have the ability to dynamically add and delete rules via this daemon, and this daemon could also enforce certain policy rules, e.g. refusing to add any rule reading "allow all from any to any" except if done by root.

Reinier

###################################################################
#                                                                 #
# R.N. Bezuidenhout                        NetSeq Firewall        #
# rbezuide@oskar.nanoteq.co.za             http://www.nanoteq.co.za #
#                                                                 #
###################################################################
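The rule broker Reinier sketches above, as an added example written for this page (it is not NetSeq code and not part of FreeBSD or ipfw). Everything concrete in it is assumed for illustration: the block table (ftpd owning 2000-3000, a second block for named), the one-line request format a client would send to the daemon, the ipfw-like rule syntax it accepts, and the use of uid 0 as the "done by root" test. It keeps an in-memory table only and touches no real firewall; the point is the three checks the daemon makes before a rule is accepted: the requester owns a block, the number falls inside it and is free, and the policy hook refuses a blanket allow from anyone but root.

```python
# Added example (not NetSeq/FreeBSD code): a toy rule broker in the style the
# message describes. The request format, rule syntax, block table and identities
# are all assumptions; nothing here talks to a real packet filter.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed block reservations: the rule numbers each program may use.
BLOCKS: Dict[str, Tuple[int, int]] = {
    "ftpd": (2000, 3000),   # the example range from the message
    "named": (3001, 3500),  # assumed second block
}

# Accepts a small ipfw-style subset, e.g. "allow tcp from any to 10.0.0.1 21".
RULE_RE = re.compile(
    r"^(?P<action>allow|deny)\s+(?P<proto>all|ip|tcp|udp|icmp)\s+"
    r"from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)(?:\s+(?P<port>\d+))?$"
)


@dataclass(frozen=True)
class Rule:
    number: int
    owner: str
    action: str
    proto: str
    src: str
    dst: str
    port: Optional[int]

    def is_allow_all(self) -> bool:
        # The policy example from the message: "allow all from any to any".
        return (self.action == "allow" and self.proto == "all"
                and self.src == "any" and self.dst == "any" and self.port is None)


class PolicyError(Exception):
    """Raised when the broker refuses a request."""


def parse_rule(number: int, owner: str, text: str) -> Rule:
    m = RULE_RE.match(text.strip())
    if not m:
        raise PolicyError(f"unparseable rule: {text!r}")
    port = int(m["port"]) if m["port"] else None
    return Rule(number, owner, m["action"], m["proto"], m["src"], m["dst"], port)


class RuleBroker:
    """Holds the authoritative rule table; programs never write rules directly."""

    def __init__(self, blocks: Dict[str, Tuple[int, int]]):
        self.blocks = blocks
        self.rules: Dict[int, Rule] = {}

    def add(self, program: str, uid: int, number: int, text: str) -> Rule:
        block = self.blocks.get(program)
        if block is None:
            raise PolicyError(f"{program} has no reserved block")
        lo, hi = block
        if not lo <= number <= hi:
            raise PolicyError(f"{program} may only use rules {lo}-{hi}, not {number}")
        if number in self.rules:
            raise PolicyError(f"rule {number} already in use by {self.rules[number].owner}")
        rule = parse_rule(number, program, text)
        # Policy hook: a blanket allow is refused unless the requester is root.
        if rule.is_allow_all() and uid != 0:
            raise PolicyError("'allow all from any to any' is only permitted for root")
        self.rules[number] = rule
        return rule

    def delete(self, program: str, uid: int, number: int) -> Rule:
        rule = self.rules.get(number)
        if rule is None:
            raise PolicyError(f"no rule {number}")
        if rule.owner != program and uid != 0:
            raise PolicyError(f"rule {number} belongs to {rule.owner}")
        return self.rules.pop(number)

    def listing(self) -> List[str]:
        # Rendered in ipfw "add" syntax so the table can be inspected.
        out = []
        for n in sorted(self.rules):
            r = self.rules[n]
            port = f" {r.port}" if r.port is not None else ""
            out.append(f"add {n} {r.action} {r.proto} from {r.src} to {r.dst}{port}")
        return out


def handle(broker: RuleBroker, program: str, uid: int, request: str) -> str:
    """One request line from a client ("add 2010 allow tcp from any to 10.0.0.1 21"
    or "del 2010"); the return value is the reply the daemon would send back."""
    parts = request.split(None, 2)
    try:
        if len(parts) == 3 and parts[0] == "add":
            rule = broker.add(program, uid, int(parts[1]), parts[2])
            return f"OK added {rule.number}"
        if len(parts) == 2 and parts[0] == "del":
            rule = broker.delete(program, uid, int(parts[1]))
            return f"OK deleted {rule.number}"
        raise PolicyError(f"bad request: {request!r}")
    except (PolicyError, ValueError) as e:
        return f"ERR {e}"


if __name__ == "__main__":
    b = RuleBroker(BLOCKS)
    for prog, uid, req in [
        ("ftpd", 1001, "add 2010 allow tcp from 192.0.2.7 to 10.0.0.1 20"),
        ("ftpd", 1001, "add 3500 allow tcp from any to any 21"),  # outside ftpd's block
        ("ftpd", 1001, "add 2020 allow all from any to any"),     # refused: not root
        ("ftpd", 0, "add 2020 allow all from any to any"),        # root may
        ("named", 1002, "del 2010"),                              # not the owner
    ]:
        print(f"{prog}/{uid}: {req} -> {handle(b, prog, uid, req)}")
    print("\n".join(b.listing()))
```

Because ordering is by rule number and each program is confined to its own block, a compromised ftpd cannot shadow an earlier deny rule belonging to someone else, and the policy check runs on the parsed rule rather than on the raw string, so spacing or case variants of the blanket allow are caught the same way.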