SUMMARY: tru64 port based filtering with ifaccess.conf?

From: Shane Caple (scaple_at_quoll.com.au)
Date: 12/15/03

    Date: Mon, 15 Dec 2003 23:37:45 +0930 (CST)
    To: tru64-unix-managers@ornl.gov
    
    

    Thanks to everyone who responded to my question.

    If you want to do port based filtering on Tru64 version 5.x,
    IP Filter is apparently the way to go. My group is testing
    this solution now. I have used this on Solaris, but wasn't
    aware it was supported for Tru64. SEE:

    http://coombs.anu.edu.au/~avalon/

    Included below are the responses I received. One response
    discusses running a linux box with transparent bridge and
    netfilter. This person obviously has too much time on their
    hands. :-)

    ===

    Chris, Eubank:

    IPFilter is the product you want.

    We've used it with great success, I'll recommend it to anyone :)

    ..a word of warning though, the instructions aren't all that
    straightforward to someone who hasn't done any of this type of work before...

    ===

    Nikola Milutinovic (Nix):

    Tru64 v5.x supports the IPfilter interface, which means you can compile it
    and use it.

    ===

    Charles Ballowe [ at steelballs.org :-) ]

    I'm surprised nobody mentioned ipfilter.
    http://coombs.anu.edu.au/~avalon/

    take a look, it should do everything you need, though I've never used
    it.

    Also, any services that you can use tcpwrappers with can be filtered by
    service which may also serve the goal you're looking for.

    -Charlie

    ===

    James Sainsbury (RGDS):

    One option we used where we had to filter traffic to a particular box
    which had no access controls at all was to intercalate a linux box with
    two interfaces running the transparent bridging code + netfilter.
    In this configuration the box doesn't even need an ip address
    but all traffic traversing the box is passed to the netfilter rules.
    The bridging code is in the mainstream kernels, but to add the filtering
    code a patch (bridge-nf) is necessary. (See http://bridge.sourceforge.net/)

    Ebtables, a slightly different project, will achieve the same thing
    (See http://sourceforge.net/projects/ebtables/)

    I hope this may be of use to you at some stage.

    -
    shane.

