Description

This article is from the Firewalls FAQ, by Matt Curtin cmcurtin@interhack.net and Marcus J. Ranum mjr@nfr.com with numerous contributions by others.

22 What are some reasonable filtering rules for a kernel-based packet screen?

This example is written specifically for ipfwadm on Linux, but the
principles (and even much of the syntax) applies for other kernel interfaces
for packet screening on ``open source'' Unix systems.

There are four basic categories covered by the ipfwadm rules:

-A
Packet Accounting
-I
Input firewall
-O
Output firewall
-F
Forwarding firewall

ipfwadm also has masquerading (-M) capabilities. For more information on
switches and options, see the ipfwadm man page.

Continue to:

prev: 21 What are some cheap packet screening tools?
Index
next: 23 Implementation (filtering rules for a kernel-based packet screen)

Share and Enjoy

Bookmark this story so others can enjoy it:


	stason.org

	Articles
	Development
	Books
	Teaching
	Photography
	Bits and Pieces
	TULARC
	Contact Us
	Site Map


	Favorites

	Free Online Books
	Meta Religion
	Travel Blogs
	StasoSphere
	Healing Info
	Article Collection
	Practical mod_perl
	mod_perl2 Book
	MailChannels

		Articles / TULARC / Security / Firewalls /







		22 What are some reasonable filtering rules for a kernel-based packet screen?


	Search

22 What are some reasonable filtering rules for a kernel-based packet screen?

Description

22 What are some reasonable filtering rules for a kernel-based packet screen?

Share and Enjoy

Tags