Hi all!

I'd like to make firewall-filtering rules where only IP Packets pass through which meet the following criteria:

1) the IP Source address is in a certain range
2) the last hop (the hop I got the packet from) has to have a certain IP or MAC-address

This way I could tell my Linux Box only to accept packages which come from my Cisco-Router (on the same LAN).

Any ideas how to do that? Any help would be appreciated.

Greetz
Matthias

_____
Sent through Master Auchi Mail Systems
http://www.masterauchi.com - powered by Linux

> I'd like to make firewall-filtering rules where only IP Packets pass through
> which meet the following criteria:
>
> 1) the IP Source address is in a certain range

can easily be done with ipchains

    ipchains -A input -s 1.2.3.0/24 -j ACCEPT
    ipchains -A input -j DENY

> 2) the last hop (the hop I got the packet from) has to have a certain IP or
> MAC-address

AFAIK this is only possible with iptables. But kernel 2.4 is not recommended at the moment as a firewall, because there are lots of bugs to be caught. Also Solar Designer's patch (www.openwall.com/linux) will not be ported to 2.4 until 2.4.10 or so.

bye
Markus

--
_____________________________    /"\
Markus Gaugusch  ICQ 11374583    \ /    ASCII Ribbon Campaign
markus@gaugusch.dhs.org           X     Against HTML Mail
                                 / \

The ipchains-part was the part I knew too :) My only problem was the ARP/MAC-part.

Ok ... so when do you think the 2.4.10-Kernel will be released? Or is this kind of filtering possible with other UNIX-Systems (e.g. BSD)?

cu

-----Original Message-----
From: Markus Gaugusch [mailto:markus@gaugusch.dhs.org]
Sent: Tuesday, 27 March 2001 07:49
To: Matthias Auchmann
Cc: suse-security@suse.com
Subject: Re: [suse-security] IP & MAC Filtering

> > I'd like to make firewall-filtering rules where only IP Packets pass through
> > which meet the following criteria:
> >
> > 1) the IP Source address is in a certain range
>
> can easily be done with ipchains
>
>     ipchains -A input -s 1.2.3.0/24 -j ACCEPT
>     ipchains -A input -j DENY
>
> > 2) the last hop (the hop I got the packet from) has to have a certain IP or
> > MAC-address
>
> AFAIK this is only possible with iptables. But kernel 2.4 is not recommended
> at the moment as a firewall, because there are lots of bugs to be caught. Also
> Solar Designer's patch (www.openwall.com/linux) will not be ported to 2.4
> until 2.4.10 or so.
>
> bye
> Markus
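
Added example, not written by either participant in the thread: a shell function that prints an iptables-restore ruleset combining both criteria from the question, using the iptables `mac` match that Markus's reply points to. The range `1.2.3.0/24` is the one from the ipchains commands above; the interface `eth0`, the MAC address and the assumption that the host does not forward traffic are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). eth0 and the MAC below are constructed.

# Syntactic checks only; iptables-restore performs the final validation.
valid_iface() { printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9_.-]+$'; }
valid_cidr()  { printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; }
valid_mac()   { printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; }

# gen_ruleset <iface> <source-cidr> <router-mac>
# Prints an iptables-restore ruleset on stdout; returns 1 on malformed input.
gen_ruleset() {
    iface=$1 src=$2 mac=$3
    valid_iface "$iface" || { echo "bad interface: $iface" >&2; return 1; }
    valid_cidr "$src"    || { echo "bad source range: $src" >&2; return 1; }
    valid_mac "$mac"     || { echo "bad MAC address: $mac" >&2; return 1; }
    # Both matches sit in ONE rule, so they are ANDed: the packet must come
    # from the allowed range and the frame must carry the router's MAC.
    # Everything else falls through to the DROP policy, which plays the role
    # of the final "ipchains -A input -j DENY" in the ipchains version.
    # FORWARD DROP assumes this host is not itself a router.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $iface -s $src -m mac --mac-source $mac -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the constructed sample values.
gen_ruleset eth0 1.2.3.0/24 00:11:22:33:44:55
```

The output can be parsed without being committed by piping it to `iptables-restore --test`. The `mac` match sees only the Ethernet source address of the received frame, which any host on the same LAN segment can set, so it narrows the source-range rule rather than authenticating the router.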