C. Cau
2003-Aug-24 16:03 UTC
[Shorewall-users] Passive OS fingerprinting and conditional firewalling
Hi all,

there's an interesting citation on kerneltrap.org, mentioning the addition of passive OS fingerprinting to the OpenBSD firewall (http://www.kerneltrap.org/node/view/770 for those interested).

This new feature enables the possibility of triggering customized firewall rules according to the (detected) incoming OS, in a fully passive way.

I was wondering if the above would be feasible by using iptables and shorewall... actually the main doubt is about iptables, more than shorewall itself.

Corrado
Tom Eastep
2003-Aug-24 16:13 UTC
[Shorewall-users] Passive OS fingerprinting and conditional firewalling
On Mon, 25 Aug 2003, C. Cau wrote:

> This new feature enables the possibility of triggering customized firewall
> rules according to the (detected) incoming OS, in a fully passive way.
>
> I was wondering if the above would be feasible by using iptables and
> shorewall... actually the main doubt is about iptables, more than shorewall
> itself.

This would have to be implemented in iptables and made available in standard kernels before Shorewall would have any way to support it.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net