Great Circle Associates Firewalls
(September 1995)
 


Subject: IP Filter version 2.8
From: Darren Reed <avalon @ coombs . anu . edu . au>
Date: Sat, 16 Sep 1995 02:29:44 +1000 (EST)
To: Firewalls @ GreatCircle . COM (Firewalls Mailing List)

Announcing IP Filter version 2.8

What is IP Filter ?

Quick answer:  a free packet filter which can be incorporated into any of
the supported operating systems, providing packet level filtering per
interface.

What's that mean to me ?

It means you can build it into your network servers which have more than
a single ethernet interface to protect your servers and internal networks
from IP spoofing and other attacks which defeat service level access control
methods.

Also, if you're confident enough, you can use this package to help build
your own firewall.  I'd recommend using the TIS Firewall Toolkit in
conjunction with this package if you think you're capable of this, or
using it alone to build choke routers.

For more information, details and examples of filter rules, see:

http://coombs.anu.edu.au/~avalon/ip-filter.html

New to this release:

* Solaris 2.4 (on ethernet interfaces ONLY) is now supported except for the
  return-rst and return-icmp options; 

* Can now (optionally) log the first 128 bytes of a packet (if present),
  including the packet header; 

* ipmon can now generate log entries with names in place of numerical
  hostname and port data by using the -N command line option;

* ipmon can now optionally log output through syslog using the new -s command
  line option;

* IPSO Basic Security Options filtering; 

* In-kernel filtering can be turned on/off; 

* Regression testing to check the correctness of the filter; 

* IP test program (ipsend) is now included with the package to allow the
  administrator to send arbitrary IP packets, or replay packet sequences
  at the filter - runs on Linux, *BSD, Solaris2 and SunOS 4.1.x;

* Compacts IP header into a directly filterable form;

* Three-way filtering results, allowing packets which don't match any rule
  to be counted and subjected to a general policy of denial or permission;

* Perl script suggesting rules (and other changes needed) that you'll need
  to protect yourself from IP spoofing.

darren
