[linux-help] Re: packet filter

To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: packet filter
From: Steven Saner <ssaner@xxxxxxxxxxxxxxx>
Date: Mon, 26 Feb 2001 09:12:15 -0600
Reply-to: linux-help@xxxxxxxxx

You don't specify which packet filtering software you are wanting to
use, so I will assume IP-Chains. The IPCHAINS-HOWTO actually has some
pretty good information regarding your questions.

http://www.ibiblio.org/mdw/HOWTO/IPCHAINS-HOWTO.html

With IP chains you can essentially create chains of filter commands
and then assign that chain to a particular interface either as an
input filter, an output filter, or a forward filter.

In general, it is a good idea to push the filtering as far to the edge
of your network as you can. So if there are certain things that you do
not want to come into your network at all, you should filter those at
the outermost interface (your Cable/DSL/Dialup modem or whatever your
upstream is).

Section 7 of the IPCHAINS-HOWTO has a fairly complete example of a
possible network. It might not be what you are planning to implement,
but the explanations of how to make that example work are useful.


On Mon, Feb 26, 2001 at 05:10:43PM +0530, Hareesh V H wrote:
> hi! can somebody tell me more on this: when you develop a packet filter,
> this is almost always to be run on a router/gateway. now, which interface
> of the router is it attached to? and how is it done (in linux, specific)?
> 
> what i mean is, packets attached to which interface (2 ideally of the
> routers) are given to the packet filter? in a case, i have read of 2
> filters placed, on either side of an app. gateway, one filtering incoming
> packets and the other one filtering outgoing packets. is this possible for
> one filter employed at a router (with 2 interfaces), the question is can
> the packet filter access packets coming from both interfaces and how does
> he make the decision of forwarding/not forwarding? sorry if this is
> another faq. thanks in advance.
> 
> regards,
> Hareesh.
>  
> -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
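
The following is an added example, not part of the original posts and not code from ipchains. It is a small Python model of how one filter on a two-interface router sees packets from both sides, following the traversal order in the IPCHAINS-HOWTO (input chain, routing decision, forward chain, output chain). The interface names, addresses and rules are constructed for illustration, and masquerading is left out.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Packet(NamedTuple):
    in_if: str   # interface the packet arrived on
    src: str
    dst: str
    syn: bool    # True for a TCP connection-opening packet

# Constructed topology: eth0 = upstream (edge), eth1 = internal LAN.
LAN = ip_network("192.168.1.0/24")
ROUTER = {ip_address("192.168.1.1"), ip_address("203.0.113.2")}

# Rule = (interface, source net, dest net, syn flag, target); None = "any".
CHAINS = {
    "input": [("eth0", LAN, None, None, "DENY")],      # spoofed LAN source at the edge
    "forward": [("eth0", LAN, None, None, "ACCEPT"),   # LAN going out via eth0
                ("eth1", None, LAN, False, "ACCEPT")], # replies only (like "! -y")
    "output": [],
}
POLICY = {"input": "ACCEPT", "forward": "DENY", "output": "ACCEPT"}

def run_chain(name, iface, pkt):
    """First matching rule wins; otherwise the chain policy applies."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    for r_if, r_src, r_dst, r_syn, target in CHAINS[name]:
        if ((r_if is None or r_if == iface)
                and (r_src is None or src in r_src)
                and (r_dst is None or dst in r_dst)
                and (r_syn is None or r_syn == pkt.syn)):
            return target
    return POLICY[name]

def filter_packet(pkt):
    """Return (verdict, chain that decided) for a packet reaching the router."""
    # input: the interface is the one the packet came in on.
    if run_chain("input", pkt.in_if, pkt) != "ACCEPT":
        return ("DENY", "input")
    if ip_address(pkt.dst) in ROUTER:
        return ("ACCEPT", "input")          # local delivery, never forwarded
    # Routing decision picks the outgoing interface.
    out_if = "eth1" if ip_address(pkt.dst) in LAN else "eth0"
    # forward and output: the interface is the one the packet will leave on.
    for chain in ("forward", "output"):
        if run_chain(chain, out_if, pkt) != "ACCEPT":
            return ("DENY", chain)
    return ("ACCEPT", "output")
```

The spoofed packet is dropped in the input chain on the outermost interface, before any routing happens, which is the "filter at the edge" point made in the reply above.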