From: Shane Caple (scaple@quoll.com.au)
Date: Mon Dec 15 2003 - 09:07:45 EST
Thanks to everyone who responded to my question.
If you want to do port based filtering on Tru64 version 5.x,
IP Filter is apparently the way to go. My group is testing
this solution now. I have used this on Solaris, but wasn't
aware it was supported for Tru64. SEE:
http://coombs.anu.edu.au/~avalon/
Included below are the responses i receieved. One response
discusses running a linux box with transparent bridge and
netfilter. This person obviously has too much time on their
hands. :-)
===
Chris, Eubank:
IPFilter is the product you want.
We've used it with great success, I'll recommend it to anyone :)
..a word of warning though, the instructions aren't all that straight
forward to someone to hasn't done any of this type of work before...
===
Nikola Milutinovic (Nix):
Tru64 v5.x support IPfilter interface, which means you can compile it
and use it.
===
Charles Ballowe [ at steelballs.org :-) ]
I'm surprised nobody mentioned ipfilter.
http://coombs.anu.edu.au/~avalon/
take a look, it should do everything you need, though I've never used
it.
Also, any services that you can use tcpwrappers with can be filtered by
service which may also serve the goal you're looking for.
-Charlie
===
James Sainsbury (RGDS):
One option we used where we had to filter traffic to a particular box
which had no access controls at all was to intercalate a linux box with
two interfaces running the transparent bridging code + netfilter.
In this configuration the box doesn't even need an ip address
but all traffic traversing the box is passed to the netfilter rules.
The bridging code is in the mainstream kernels but adding the filtering
code a patch (bridge-nf) is necessary. (See http://bridge.sourceforge.net/)
Ebtables, a slightly different project will achieve the same thing
(See http://sourceforge.net/projects/ebtables/)
I hope this may be of use to you at some stage.
-
shane.
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:49:46 EDT