[Shorewall-users] some "feature questions"

Tom Eastep teastep@shorewall.net
Tue, 30 Apr 2002 07:09:39 -0700 (Pacific Daylight Time)


On Sat, 27 Apr 2002, Goetz Reinicke wrote:

> Hi,
>
> I recently got a book about linux firewalls (for ipchains), and in the
> examples they activate/disable some functions in /proc/sys/net/ipv4.
>
> E.g. reject ICMP-Redirects,

Shorewall doesn't do that.

> protection against bogus IPs,

That's what 'routefilter' does (interfaces file).

> activate
> TCP-SYN-Cookies, reject source routed packets. Furthermore they reject
> fragmented packets.
>

Shorewall doesn't do any of those.

> Are there any comparable mechanisms in shorewall? Or do I have to
> activate those protections by hand / systemstart?
>

You get to do these -- In RedHat, you can use /etc/sysctl.conf; don't know
about other distros. You can always add 'echo' commands to
/etc/shorewall/start.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
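
The 'echo' approach mentioned in the reply above, as an added example that is not part of the original message and not Shorewall's own code: shell functions that could be placed in /etc/shorewall/start to turn off ICMP redirect acceptance and source routing on every interface and turn on TCP SYN cookies, plus a check that reports any setting left at another value. The function names and the IPV4_ROOT override are assumptions made for this example; rejecting fragments is not covered here.

```shell
#!/bin/sh
# Added example (not from the original thread, not Shorewall code).
# IPV4_ROOT is a hypothetical override so the functions can be tried
# against a scratch directory instead of the live kernel settings.
IPV4_ROOT="${IPV4_ROOT:-/proc/sys/net/ipv4}"

# set_knob FILE VALUE: write VALUE if FILE exists and is writable.
set_knob() {
    if [ -w "$1" ]; then
        echo "$2" > "$1"
    else
        echo "skip: $1 not writable" >&2
    fi
}

# harden_ipv4: apply the settings asked about in the thread.
harden_ipv4() {
    # TCP SYN cookies (file exists only if the kernel supports them)
    set_knob "$IPV4_ROOT/tcp_syncookies" 1
    # Per-interface settings: "all", "default" and every interface
    for dir in "$IPV4_ROOT"/conf/*; do
        [ -d "$dir" ] || continue
        set_knob "$dir/accept_redirects" 0     # ignore ICMP redirects
        set_knob "$dir/accept_source_route" 0  # drop source-routed packets
    done
}

# audit_ipv4: list settings not at the hardened value; returns 1 if any.
audit_ipv4() {
    bad=0
    for f in "$IPV4_ROOT"/conf/*/accept_redirects \
             "$IPV4_ROOT"/conf/*/accept_source_route; do
        [ -r "$f" ] || continue
        [ "$(cat "$f")" = 0 ] || { echo "not hardened: $f"; bad=1; }
    done
    f="$IPV4_ROOT/tcp_syncookies"
    if [ -r "$f" ] && [ "$(cat "$f")" != 1 ]; then
        echo "not hardened: $f"
        bad=1
    fi
    return "$bad"
}

# In /etc/shorewall/start, end with the two calls:
#   harden_ipv4
#   audit_ipv4
```

Interfaces that appear after the script has run take their values from conf/default, which the loop also sets.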