[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipchains-list
Subject:    Re: need help in firewall
From:       raf <raf () raf ! org>
Date:       2001-10-12 12:47:57
[Download RAW message or body]

amroz kamal siddiqui wrote:

> 
> hello,
> 	Iam a student with a project on firewall.  I've read lotta text and
> seen ipchains also.  I wish to make something like ipchains but simpler.
> Used pcap library to capture (or rather sniff) packet headers.  How do
> I stop the packets before they reach the networking code.
> 	
> 			Thank you.
> 			Lost. 

by modifying the kernel so the packets don't reach the networking code.
see where ipchains and iptables fit into the kernel and do what they do.

alternatively, you could make a bridging firewall where the firewall host
itself has no ip addresses at all. just interfaces in promiscuous mode.
read the bridging firewall howto for details. that way, with forwarding
turned off, you can implement a filter for hosts behind the firewall host.

raf

[prev in list] [next in list] [prev in thread] [next in thread]