Re: [fw-wiz] Firewall Primitives
From: Matthew Kirkwood (matthew@hairy.beasts.org)
Date: 11/02/02
- Next message: Ali Saifullah Khan: "Re: [fw-wiz] IDS or Intrusion Prevention Systems"
- Previous message: Sam Stern: "Re: [fw-wiz] Firewall Primitives"
- In reply to: Cat Okita: "[fw-wiz] Firewall Primitives"
- Next in thread: Marcus J. Ranum: "Re: [fw-wiz] Firewall Primitives"
From: Matthew Kirkwood <matthew@hairy.beasts.org>
To: Cat Okita <cat@reptiles.org>
Date: Sat Nov 2 15:43:01 2002
On Fri, 1 Nov 2002, Cat Okita wrote:

> I've had far too much time on my hands lately, and it's led me to
> thinking about the basic elements that make up firewall rules and
> descriptors.

For what it's worth, one of my spare-time hacks is a
tool which does exactly this. It doesn't do full NAT,
but otherwise seems to meet most of your criteria (at
least, it does if you assume that the target language
or device is a possibly-stateful packet filter).

It has backends for iptables and ipchains which work
pretty well. There are also broken backends for IOS
ACLs and ipfilter that I always lack the time or/and
inclination to fix and test.

It lives at http://hairy.beasts.org/filter/

At one point I also stumbled across a similar tool by
Darren Reed, though that appeared untouched in a number
of years.

Matthew.