tru64 port based filtering with ifaccess.conf?

From: Shane Caple (scaple@quoll.com.au)
Date: Mon Dec 08 2003 - 09:06:30 EST


hello,

EXECUTIVE SUMMARY:

does anyone know of a way to do port based
ip filtering under tru64?

DETAIL:

my group has been using the "ifaccess.conf" file to implement
host based security in addition to our network provider's
firewall rulesets - this is on a tru64 5.1b cluster running on
two alpha 4100 servers.

this has worked well for us, but now we want to have some rules
which filter based on "ports". this doesn't seem to be possible
with ifaccess.conf.

 - i checked with a compaq (hp) engineer and he confirmed that
ifaccess.conf does not do port based filtering.

i tried to work around this by adding a subinterface to the
server, with the aim of creating a new "interface" with a second
ip, which we could bind selected processes to, and then filter
against this interface in "ifaccess.conf".

but unfortunately, tru64 seems to implement "subinterfaces" as
"aliases" so instead of having two interfaces like this: "tu0"
and "tu0:1", we still see only one interface "tu0" but with two
ip addresses.

 - the compaq (hp) engineer was aware of IPTABLES for linux which
can do port based filtering, and so much more, but he told me
that ifaccess.conf doesn't have this capability. he was not aware
of an alternative to get around this problem..

any help would be much appreciated.. thanks..

---
shane.

