Great Circle Associates Firewalls
(October 1992)

Subject: Filters and interfaces.
From: avalon @ coombs . anu . edu . au (Darren Reed)
Date: Sun, 4 Oct 92 04:20:53 +1000
To: Firewalls @ GreatCircle . COM

   From documentation presented here on this list and available for
products such as screend for Ultrix and SGI's packet filter daemon,
it seems that most filters have one set of rules through which all
packets must pass.  While fair, this would seemingly slow down the
network traffic which is never going to be filtered and even more so
if the host which is acting as the filter is routing more than two
network connections.

   To reduce both the size of filter rulesets as well as increasing
throughput of non-filtered traffic, it would seem better to be able
to set up a different filter rule set for each interface connected to
the host.  Are there any working packet filters which are able to
operate in this way or does anyone know of any texts which discuss
this?  With this approach, you could more easily block packets from
outside which were trying to be internal hosts.

cheers,
Darren.
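
The per-interface idea raised in the message above, as an added example that is not part of the original post and not code from screend or any other product. The interface names (le0, le1), the addresses and the `filter_packet` helper are constructed for illustration; the model counts how many rules each packet is compared against.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    src: str      # source network, CIDR
    dst: str      # destination network, CIDR

    def matches(self, src_ip, dst_ip):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))

# Constructed topology: le0 faces outside, le1 faces an internal network.
INTERNAL = "192.168.0.0/16"
ANY = "0.0.0.0/0"

# One rule list per receiving interface. An interface with no entry is
# unfiltered, so internal-to-internal traffic costs zero rule comparisons.
RULESETS = {
    "le0": [
        Rule("block", INTERNAL, ANY),           # outside packet claiming an internal source
        Rule("pass", ANY, "192.168.1.25/32"),   # constructed: the one exposed host
        Rule("block", ANY, ANY),                # everything else from outside
    ],
}

def filter_packet(in_iface, src_ip, dst_ip):
    """Return (action, rules_checked) for a packet received on in_iface."""
    rules = RULESETS.get(in_iface)
    if rules is None:
        return "pass", 0            # interface carries no ruleset at all
    checked = 0
    for rule in rules:
        checked += 1
        if rule.matches(src_ip, dst_ip):
            return rule.action, checked
    return "block", checked         # filtered interface, nothing matched: drop

if __name__ == "__main__":
    for pkt in [("le0", "192.168.1.7", "192.168.2.9"),    # spoofed internal source
                ("le0", "203.0.113.5", "192.168.1.25"),   # outside host to exposed host
                ("le1", "192.168.1.7", "192.168.2.9")]:   # genuine internal traffic
        print(pkt, filter_packet(*pkt))
```

The same source address is dropped on le0 and forwarded on le1, a distinction a single shared rule list cannot make without knowing the receiving interface.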