Firewalls: writing packet filters.

Firewalls
(September 1994)

Indexed By Thread: [Previous] [Next]

Subject:	writing packet filters.
From:	Darren Reed <avalon @ coombs . anu . edu . au>
Date:	Thu, 15 Sep 1994 12:14:34 +1000 (EST)
To:	firewalls @ GreatCircle . COM

It has often been said that having a filter list for both the in AND out
side of the IP in a router is desirable (for obvious reasons).

In writing some filter software myself, for SunOS 4, I'm pondering the
wisdom of having 3 filter lists:
	* inbound
	* outbound
	* general

A packet going in would then be applied against the inbound and general
and one going out would be checked against the outbound and general lists.

Does this seem excessive (ie complicating this issue too much) ?  If not,
which order would people prefer - the "general" list being checked before
or after the `direction' specific list ?

Darren

Indexed By Date	Previous:	Re: Firewall-1 From: Craig . Bishop @ BarwonWater . Vic . Gov . Au
Indexed By Date	Next:	Re: PowerBroker and root acc From: Brent @ GreatCircle . COM (Brent Chapman)
Indexed By Thread	Previous:	Re: Document listing MOSAIC vulnerabilities From: Ken Hardy <ken @ bridge . com>
Indexed By Thread	Next:	Re: writing packet filters. From: jim @ Tadpole . COM (Jim Thompson)