This is a discussion on Re: abusing the fr_{st,nat}putent routines for transparent proxies within the IPFilter forums, part of the System Security and Security Related category.
In some email I received from Ryan Beasley, sie wrote:
> From a, erm, "policy" perspective, is there any reason I should
> avoid using the fr_{st,nat}putent routines from a transparent proxy?
> I've modified 4.0a source to perform some add'l basic checks
> (incrementing the wildcard counter, associating entries w/ timeout
> queues, etc.) on the incoming entries before insertion and am running
> without problems so far. Doing it this way just seems much nicer
> than inserting "keep state" and IP NAT rules.
>
> Anyone have any ideas / suggestions?

Couple of pointers...

The routines that implement the "put" ioctl expect to be copying data
from userspace, so you'll need to account for that.

Otherwise, I can't see why not.

Darren