[Shorewall-users] some "feature questions"
Tue, 30 Apr 2002 07:09:39 -0700 (Pacific Daylight Time)
On Sat, 27 Apr 2002, Goetz Reinicke wrote:
> I recently got a book about linux firewalls (for ipchains), and in the
> examples they activate/disable some functions in /proc/sys/net/ipv4.
> E.g. reject ICMP-Redirects,
Shorewall doesn't do that.
> protection against bogus IPs,
That's what 'routefilter' does (interfaces file).
> TCP-SYN-Cookies, reject source routed packets. Furthermore they reject
> fragmented packets.
Shorewall doesn't do any of those.
> Are there any comparable mechanisms in shorewall? Or do I have to
> activate those protections by hand / systemstart?
You get to do these -- In RedHat, you can use /etc/sysctl.conf; don't know
about other distros. You can always add 'echo' commands to
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ firstname.lastname@example.org
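
Added example, not part of the original message or of Shorewall: a shell check that a sysctl.conf-style file carries the /proc/sys/net/ipv4 settings asked about above (ICMP redirects, source routing, rp_filter, SYN cookies). The expected values and the function names are assumptions of this example, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file; expected values are assumed here.
HARDENING='net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.tcp_syncookies=1'

# sysctl_value FILE KEY: print the last value assigned to KEY (empty if unset).
sysctl_value() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                  # comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want) val = v              # a later line overrides
        }
        END { print val }' "$1"
}

# audit_sysctl FILE: print one line per finding; exit status = number of findings.
audit_sysctl() {
    findings=0
    for pair in $HARDENING; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(sysctl_value "$1" "$key")
        if [ -z "$have" ]; then
            echo "MISSING $key (want $want)"; findings=$((findings + 1))
        elif [ "$have" != "$want" ]; then
            echo "WEAK    $key = $have (want $want)"; findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# write_sample FILE: constructed sample config, not taken from the thread.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 0
net.ipv4.conf.all.accept_redirects = 0
EOF
}

tmp=$(mktemp); write_sample "$tmp"
audit_sysctl "$tmp" || echo "$? finding(s)"; rm -f "$tmp"
```

The check reads only the file it is given; the running kernel's values live under /proc/sys/net/ipv4 and can differ until the file is loaded.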