[82] in linux-net channel archive
Linux firewall code doing device based filtering?
daemon@ATHENA.MIT.EDU (Martin Sjolin)
Sat Feb 11 14:06:55 1995
From: Martin Sjolin <marsj@ida.liu.se>
Date: Sat, 11 Feb 95 19:19:34 +0100
To: linux-net@vger.rutgers.edu
Cc: Alan Cox <iialan@iifeak.swan.ac.uk>
Hi,
I have been following the discussion on the "firewall" discussion
lists. Now, the current implementation in ip_fw.c for filtering
IP packets only takes the source and destination address into
account, right?
To fully assure against the break-ins, the filtering needs to
take the IP address _and_ the device (input/output) into account,
e.g. otherwise a faked packet on my SLIP/PPP device from
my internet provider with address 127.0.0.1 would be accepted (if the
firewall accepts IP packets from 127.0.0.1)?
When reading the manual page for `ipfw', it mentions this deficiency,
is there ongoing work? And will it be included into 1.2? I'm
very interested in having this facility added to the kernel RSN.
later,
msj
--
Martin Sj\"olin | http://www.ida.liu.se/labs/iislab/people/marsj
Department of Computer Science, LiTH, S-581 83 Link\"oping, SWEDEN
phone : +46 13 28 24 10 | fax : +46 13 28 26 66 | e-mail: marsj@ida.liu.se
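
The difference the message asks about, as an added example that is not part of the original message and not code from ip_fw.c: a constructed first-match accept list, once keyed on source address only and once also bound to the input device. The structures, function names and the device names `lo` and `sl0` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of an accept rule; not the structures used in ip_fw.c. */
struct rule {
    uint32_t src_net, src_mask;   /* host byte order */
    const char *in_if;            /* NULL = any input device (address-only rule) */
};
struct pkt {
    uint32_t src;                 /* claimed source address, host byte order */
    const char *in_if;            /* device the packet actually arrived on */
};
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Returns 1 if the rule accepts the packet, 0 otherwise. */
int rule_accepts(const struct rule *r, const struct pkt *p)
{
    if ((p->src & r->src_mask) != (r->src_net & r->src_mask))
        return 0;
    if (r->in_if != NULL && strcmp(r->in_if, p->in_if) != 0)
        return 0;                 /* right address, wrong device: no match */
    return 1;
}

/* First matching accept rule wins; default policy is deny. */
int filter(const struct rule *rules, size_t n, const struct pkt *p)
{
    for (size_t i = 0; i < n; i++)
        if (rule_accepts(&rules[i], p))
            return 1;
    return 0;
}

/* Constructed sample rules and packets (device names are assumptions). */
static const struct rule addr_only[] = { { IP(127,0,0,0), IP(255,0,0,0), NULL } };
static const struct rule dev_bound[] = { { IP(127,0,0,0), IP(255,0,0,0), "lo" } };
static const struct pkt spoofed = { IP(127,0,0,1), "sl0" };  /* arrived on SLIP */
static const struct pkt genuine = { IP(127,0,0,1), "lo" };

int main(void)
{
    printf("address-only: spoofed=%d genuine=%d\n",
           filter(addr_only, 1, &spoofed), filter(addr_only, 1, &genuine));
    printf("device-bound: spoofed=%d genuine=%d\n",
           filter(dev_bound, 1, &spoofed), filter(dev_bound, 1, &genuine));
    return 0;
}
```

With the address-only list both packets are accepted; with the device-bound list only the packet that really arrived on the loopback device is.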