The HyperNews Linux KHG Discussion Pages

Feedback: [Selectively] Droping Packets

Forum: The Linux Kernel Hackers' Guide
Re: Question Droping Packets (Charles Barrasso)
Keywords: ICMP packet Firewall
Date: Fri, 11 Apr 1997 19:38:11 GMT
From: Jose R. cordones <cord2403@cslab.engr.ccny.cuny.edu>

Sure you can.

Look into compiling support for "Firewall," etc. code in the kernel. Then you get the "ipfwadm" (IP Firewall Admin.) package (available wherever fine free software is sold^H^H^H^Hgiven away.)

You then add rules on which traffic to allow your host to accept, which to reject (implies that the host attempting a connection receives feedback in the form of a ICMP error message) and which to ignore (no ICMP error sent.)

If such a machine is additionally forwarding traffic between several networks, then the marketing people call this a "Firewall." But you can also be using it just to protect the host itself.

There are other solutions that are not so low-level such as the tcpd daemon and configuring well any daemon/service you run on your machine, something to which no firewall can be a substitute.


Cheers,
José R. Cordones <cord2403@cslab.engr.ccny.cuny.edu>
http://www.engr.ccny.cuny.edu/~cordones