Useful addition to ipfw
Hello,
I've found myself in a situation where a simple data inspection
capability added to ipfw would be very useful.
I'm not thinking about anything especially sophisticated, but what
about adding an option to check byte values (or flags, similar to
tcpdump)?
An example rule could be: add deny udp from any to me 12345 udp[4]&234
being the rule true if byte 4 in the UDP packet AND the number 234 is
not zero.
P.S: I'm thinking about controlling some types of UDP packets than
can be identified by simple flags present in the packet data.
Opinions?
Borja.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)