Preliminary SUMMARY: Packet filtering/screening with SunLink ISDN anyone?

From: Sten Gunterberg (sten@ergon.ch)
Date: Fri Nov 05 1993 - 07:30:53 CST


Hi Managers!

[ original question included at the end ]

Hmm. This is the first time that the list did *not* come up with
anything. I have now waited for approx. 2 weeks, but haven't got
a single reply :-(

Could I really be the only one worrying about packet filtering/screening
with the Sun IP/ISDN package? Does this wake up somebody? :-)

I think I will ask this question on the firewall list too (sure hope it
will not "dissapear" in the ongoing sendmail/kerberos/AFS "war" there :-).
I will summarize any findings from there too.

-- Sten

-------- Original question -------------------------------------------

We are just starting to use SunLink ISDN 1.0 for dial-up connections
using SS 10s and LXs (running SunOS 5.2). So far everything has been
really nice and smooth, works like a charm.

Now, what seems to be missing is the ability to do packet filtering
(also called packet screening), i.e. passing/rejecting/logging of IP
packets based on criteria from the packets, e.g. addresses, port
numbers, etc. (We are also using Morning Star's PPP here. Their packet
filtering is very good, IMHO).

After RTFM isdnio(7), pfmod(7) and using snoop(8), I determine that
packet filtering must be a possibility. So, has anyone already done it?
Reasons against doing it that way? Other ways of doing it?

Even if it is not possible to implement something similar to MST-PPP's
capabilities, any kind of filter is better than no filter :)

Thanks in advance and, as usual, I'll summarize.

-- Sten

----------------------------------------------------------------------------
Sten Gunterberg, sg@ergon.ch, /C=CH/A=arCom/P=EUnet/O=Ergon/S=Gunterberg/
GCS d-(++) p-(+)(---) c+++ !l u++++ e-(*) m+(---) s/++ h-- f+ !g w+ t+ y+(*)
           Friends come and go, but enemies accumulate.
                         -- Unknown



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:08:28 CDT