In article <199412200348.WAA14292@bronze.lcs.mit.edu>,
*Hobbit* <hobbit@bronze.lcs.mit.EDU> wrote:
>However, neither implementation apparently cares what *interface* a given
>packet came from, which makes it useless as a real packet filter! I beat
>up the developers newsgroup about it; hopefully they'll do something both in
>linux and 44bsd about this.
Uh, the interface a packet arrived on is available from the mbuf
header in 44bsd systems. I've used this fairly easily to build a
fairly minimal packet filter so that "virtual private networking"
(encrypting and sending to a branch office) works, and isn't spoofed
by packets arriving from the "public" interface.
This is possible in 43BSD/SunOS too, thanks to a little kludge.
--
:!mcr!: | Milkyway Networks Corporation <http://www.milkyway.com/>
Michael Richardson | Makers of the Black Hole firewall
NCF: aa714 || xx714 | +1 613 566-4574 ... mcr@milkyway.com
Home: mcr@sandelman.ocunix.on.ca <http://www.sandelman.ocunix.on.ca/People/Michael_Richardson/Bio.html>. PGP key available.
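
The check described in the reply above, as an added example that is not part of the original post or of any Milkyway code: a user-space C model of an ingress filter that reads the receive interface from the mbuf packet header (`m_pkthdr.rcvif` in 4.4BSD) and drops packets that claim an inside source address but arrived on another interface. The struct layouts are simplified stand-ins, and the interface names, prefixes, `ip_src` field and `check_arrival` helper are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the kernel structures; in 4.4BSD the receive
 * interface is m->m_pkthdr.rcvif. ip_src is an assumed pre-parsed field. */
struct ifnet  { const char *if_name; };
struct pkthdr { struct ifnet *rcvif; };
struct mbuf   { struct pkthdr m_pkthdr; uint32_t ip_src; /* host order */ };
enum verdict  { FILTER_PASS, FILTER_DROP };

/* Constructed policy: prefixes that may only be seen on the inside interface. */
struct prefix { uint32_t net, mask; };
static const struct prefix inside_nets[] = {
    { 0x0A010000u, 0xFFFF0000u },   /* 10.1.0.0/16, head office (constructed) */
    { 0x0A020000u, 0xFFFF0000u },   /* 10.2.0.0/16, branch office (constructed) */
};
static const char *inside_if = "le1";   /* hypothetical inside interface name */

static int src_is_inside(uint32_t src)
{
    for (size_t i = 0; i < sizeof inside_nets / sizeof inside_nets[0]; i++)
        if ((src & inside_nets[i].mask) == inside_nets[i].net)
            return 1;
    return 0;
}

/* Drop a packet whose source claims to be inside but whose receive
 * interface is not the inside one. */
enum verdict ingress_check(const struct mbuf *m)
{
    const struct ifnet *ifp = m->m_pkthdr.rcvif;
    if (ifp == NULL) return FILTER_PASS;   /* treated here as locally generated */
    if (src_is_inside(m->ip_src) && strcmp(ifp->if_name, inside_if) != 0)
        return FILTER_DROP;
    return FILTER_PASS;
}

/* Hypothetical helper: evaluate a packet as if it arrived on `ifname`. */
enum verdict check_arrival(const char *ifname, uint32_t src)
{
    struct ifnet ifp = { ifname };
    struct mbuf m = { { ifname ? &ifp : NULL }, src };
    return ingress_check(&m);
}

int main(void)
{
    printf("10.1.5.5 via le0: %s\n", check_arrival("le0", 0x0A010505u) ? "drop" : "pass");
}
```

A filter that matches on addresses alone would give the same verdict for both arrivals of 10.1.5.5; only the `rcvif` comparison separates them.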