This is a discussion on firewall design within the Linux Networking forums, part of the Linux Forums category.
I aspire to design a content based packet filter (in a router) in this manner:

* disable the routing function.
* use tcpdump to monitor and capture packets on incoming interface.
* parse the packet content till application layer content and check if it matches with the filtering criteria.
* if not, inject the packet in the outgoing interface by hacking the kernel network testing mechanism ("Packet Generator" of Linux 2.4) to generate a copy of the packet.

I need suggestions on this strategy.
Sridhar Natarajan wrote:
> i aspire to design a content based packet filter (in a router) in this
> manner:
> * disable the routing function.
> * use tcpdump to monitor and capture packets on incoming interface.
> * parse the packet content till application layer content and check if it matches with the filtering criteria.
> * if not, inject the packet in the outgoing interface by hacking the kernel network testing mechanism ("Packet Generator" of Linux 2.4) to generate a copy of the packet.
> i need suggestions on this strategy.

Don't. There is a good way to get packets into and out of the network stack at the driver level: the tun/tap device driver. Have a look at it, so you do not need to do a kludge into the network stack.

To use it, you have to enable packet forwarding. The proper way to limit what is forwarded and where is using iptables.

--
Tauno Voipio
tauno voipio (at) iki fi
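The tun/tap approach Tauno describes, as an added example that is not code from this thread: a user-space content filter that reads raw Ethernet frames from one tap interface, parses them up to the TCP payload, and writes each frame to a second tap only when no blocked byte pattern is present. The tap names, the blocked patterns and the sample frame are assumptions; attaching to the taps needs CAP_NET_ADMIN, and creating the taps, enabling forwarding and routing traffic through them is left to the operator.

```python
import os, struct

# ioctl and flag values from <linux/if_tun.h> (assumed here; check the headers of the target kernel)
TUNSETIFF, IFF_TAP, IFF_NO_PI = 0x400454CA, 0x0002, 0x1000


def open_tap(name):
    """Attach to an existing tap interface (needs CAP_NET_ADMIN); reads/writes are raw Ethernet frames."""
    import fcntl  # Linux-only; imported here so the parsing functions work anywhere
    fd = os.open("/dev/net/tun", os.O_RDWR)
    fcntl.ioctl(fd, TUNSETIFF, struct.pack("16sH", name.encode(), IFF_TAP | IFF_NO_PI))
    return fd


def build_tcp_frame(payload, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    """Constructed sample frame: Ethernet + IPv4 + TCP around `payload` (checksums left zero)."""
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
    return eth + ip + tcp


def parse_frame(frame):
    """Walk Ethernet -> IPv4 -> TCP; return (src, dst, sport, dport, payload) or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4                      # IPv4 header length incl. options
    total_len = struct.unpack("!H", frame[16:18])[0]  # trims Ethernet padding on short frames
    tcp = frame[14 + ihl:14 + total_len]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                     # TCP header length incl. options
    dotted = lambda b: ".".join(str(x) for x in b)
    return dotted(frame[26:30]), dotted(frame[30:34]), sport, dport, tcp[data_off:]


def should_forward(frame, blocked_patterns):
    """Content rule: drop a TCP segment whose payload contains a blocked byte pattern; pass everything else."""
    parsed = parse_frame(frame)
    if parsed is None:
        return True  # non-IPv4/TCP traffic is not inspected by this rule
    return not any(p in parsed[4] for p in blocked_patterns)


def filter_loop(in_fd, out_fd, blocked_patterns):
    """Copy frames from one tap to the other, dropping those the content rule rejects."""
    while True:
        frame = os.read(in_fd, 65535)
        if should_forward(frame, blocked_patterns):
            os.write(out_fd, frame)
```

A run would be `filter_loop(open_tap("tap0"), open_tap("tap1"), [b"/secret"])`; note that this matches one segment at a time, so a pattern split across two segments is not caught.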
Sridhar Natarajan wrote:
> i aspire to design a content based packet filter (in a router) in this
> manner:
> * disable the routing function.
> * use tcpdump to monitor and capture packets on incoming interface.
> * parse the packet content till application layer content and check if it matches with the filtering criteria.

You can use snort-inline to read the tcpdump files and very simple rules to stop the traffic you want to.

--
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"