On Tuesday 01 January 2002 01:25, Tor Inge Kloumann wrote:
> I've decided to try to make a transparent bridge, that should drop
> packets based on some weird rules.
> I have googled around a bit and couldn't find any information about what
> I would like to do.
> And therefore I now send a mail to this mailinglist in hope that someone
> can either help me, or point me in the right direction.
>
> What I want to do is the following:
> Make a transparent bridge that starts dropping ICMP packets that are
> oversized (malicious ICMP), drop all SYN packets that come from spoofed
> hosts (non-existent IPs), drop other obvious malicious traffic.
> My problem is not dropping packets (hehe), the problem is dropping
> packets based on these rules, so that legit ICMP/SYN traffic etc. will
> not be affected by the rules.
> I've done some testing with hogwash as transparent bridge to intercept
> and block malicious packets. I was however not able to use hogwash to
> drop ICMP/SYN based on the above clarified rules.
>
>
> If someone could point me in the right direction/maybe someone has some
> examples(?) I would be very grateful.
Have you read the docs about iptables? It can match almost everything.
Search for the -m so you can call extra "helpers".
You can use iptables on a Linux bridge, but it requires some extra patches.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
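As an added example (not code from either poster), here is what the two filters asked for above look like as iptables rules on a bridge, using the -m "helpers" Stef points at: -m length for the oversized-ICMP case and -m physdev to tell which bridge port a frame came in on. The script only prints the rules unless run with --apply, so it can be reviewed before touching a live bridge. The interface name eth0, the 1024-byte ICMP threshold and the bogon list are assumptions for illustration. The physdev match and the bridge-to-iptables hook were the out-of-tree bridge-nf patch in 2002; on current kernels they ship as the br_netfilter module and the net.bridge.bridge-nf-call-iptables sysctl.

```shell
#!/bin/sh
# Added example, not part of the original thread: a dry-run generator for the
# iptables FORWARD rules that implement the two filters asked for above on a
# Linux bridge. Interface names, the bogon list and the size threshold are
# assumptions for illustration; adjust them to your network.

OUTSIDE_IF=${OUTSIDE_IF:-eth0}   # assumed: bridge port facing the untrusted side
ICMP_MAX=${ICMP_MAX:-1024}       # assumed: largest ICMP packet (IP total length) allowed

# Sources that can never legitimately arrive through the outside port: RFC 1918,
# "this" network, loopback, link-local, multicast and reserved space. This is
# the only spoofing a stateless bridge can recognise; a SYN from a real but
# unused address looks like any other SYN at this layer.
BOGON_NETS="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"

# Print one iptables command per line; nothing is applied.
build_rules() {
    # Oversized ICMP: -m length matches the IP total length of the packet.
    echo "iptables -A FORWARD -p icmp -m length --length $((ICMP_MAX + 1)):65535 -j DROP"
    # A fragmented "ping of death" arrives as small pieces, so the length match
    # never sees the full size; -f matches second and later fragments instead.
    echo "iptables -A FORWARD -p icmp -f -j DROP"
    # SYNs from bogon sources entering through the outside bridge port.
    # -m physdev selects the bridge port, i.e. the frame's real ingress interface.
    # A rate-limited LOG rule precedes each DROP so spoofing shows up in syslog.
    for net in $BOGON_NETS; do
        echo "iptables -A FORWARD -m physdev --physdev-in $OUTSIDE_IF -p tcp --syn -s $net -m limit --limit 5/min -j LOG --log-prefix \"spoofed-syn: \""
        echo "iptables -A FORWARD -m physdev --physdev-in $OUTSIDE_IF -p tcp --syn -s $net -j DROP"
    done
}

# Number of DROP rules the generator emits (a quick sanity check).
count_drop_rules() {
    build_rules | grep -c -- '-j DROP'
}

# Install the rules. On current kernels bridged frames only reach iptables
# once br_netfilter is loaded and bridge-nf-call-iptables is on; in 2002 this
# took the out-of-tree bridge-nf patch the reply refers to.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: must run as root" >&2; return 1; }
    modprobe br_netfilter 2>/dev/null || true
    sysctl -w net.bridge.bridge-nf-call-iptables=1
    build_rules | sh -e
}

# "sh bridge-rules.sh" previews the rules; "sh bridge-rules.sh --apply" installs them.
case "${1:-}" in
    --apply) apply_rules ;;
    *)       build_rules ;;
esac
```

Two caveats worth knowing before relying on this. The length match sees each IP packet on its own, so an oversized ping split into fragments is only caught by the -f rule, which drops every non-first ICMP fragment (rarely legitimate, but check your own traffic first). And the bogon rules answer a narrower question than "does this source exist": they drop addresses that cannot validly come from outside, which is the most a stateless bridge can decide; anything finer needs conntrack (-m state --state NEW) plus SYN cookies or similar on the end hosts.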