Configuring and Installing IP Filter (IPF)
Author: Ph33r (ph33r@fatelabs.com) Fri July 3 12:13:42 GMT 2001
What is IPFilter (IPF)?

IPFilter (IPF) is a software package that can be used to provide network address translation (NAT) or some sort of firewall services. IPF can be used either as a loadable kernel module or incorporated directly into your unix kernel. Using a loadable kernel module is recommended where possible. Scripts are provided to install and patch system files as required.
IP Filters

Installing IPF is pretty easy and straightforward if you follow the documentation on the website, except for the config files, which they seem to hide in a rather odd directory, /etc/opt/ipf. I like to link these files to the ones in /etc:

cd /etc

NOTE: If you wish to enable IPF logging (and I would recommend that you do, since it is very handy to have logs to track errors and things down with), edit /etc/rc2.d/S65ipfboot and remove the "#" from the line:

# ipmon -n &

What this does is make IPF logging run and report everything over to syslog. If you wish to make syslog record the log messages, you also need to edit /etc/syslog.conf on the relevant syslog host and add the line:

local0.debug /var/adm/messages

What this does is log every packet that passed through the firewall. You may need to play around with this if you get a lot of traffic through your firewall; otherwise your log files will become huge.
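Once ipmon is feeding syslog, the first thing you usually want from /var/adm/messages is a per-source summary of what the block rules are catching, since a log that records every packet is far too noisy to read line by line. The script below is an added example, not part of the original article: it locates the "@group:rule" token in each ipmon entry and tallies the source addresses that hit a block ("b") rule, busiest first. The sample log lines are constructed, the host name "gw" and interface "dp0" are assumptions, and ipmon's exact field layout can vary between versions.

```shell
#!/bin/sh
# Added example (not from the article): summarise ipmon entries that syslog
# has written to /var/adm/messages so a burst of blocked packets from one
# source stands out. Usage: blocked_by_source < /var/adm/messages
#
# Constructed sample; ipmon's field order is
#   <time> <iface> @group:rule <action> <src,port> -> <dst,port> PR <proto> ...
# where action "b" means blocked and "p" means passed.
SAMPLE_LOG='Jul  3 12:13:42 gw ipmon[214]: 12:13:42.101933 dp0 @0:9 b 192.0.2.10,4321 -> 198.51.100.5,23 PR tcp len 20 60 -S IN
Jul  3 12:13:43 gw ipmon[214]: 12:13:43.220411 dp0 @0:9 b 192.0.2.10,4322 -> 198.51.100.5,25 PR tcp len 20 60 -S IN
Jul  3 12:13:44 gw ipmon[214]: 12:13:44.004120 dp0 @0:2 p 198.51.100.5,1025 -> 203.0.113.7,80 PR tcp len 20 60 -S OUT
Jul  3 12:13:45 gw ipmon[214]: 12:13:45.310087 dp0 @0:9 b 192.0.2.77,53 -> 198.51.100.5,53 PR udp len 20 48 IN'

# Print "<count> <source ip>" for every source that hit a block rule,
# busiest first. Finding the @group:rule token means the length of the
# syslog prefix (date, host, pid) does not matter.
blocked_by_source() {
  awk '
    /ipmon/ {
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^@[0-9]+:[0-9]+$/) {
          action = $(i + 1); src = $(i + 2)
          if (action == "b") {
            sub(/,[0-9]+$/, "", src)   # strip the source port
            blocked[src]++
          }
          break
        }
      }
    }
    END { for (ip in blocked) printf "%d %s\n", blocked[ip], ip }
  ' | sort -rn
}

# Total number of blocked packets seen in the input
blocked_total() {
  blocked_by_source | awk '{ s += $1 } END { print s + 0 }'
}

# Stand-alone run over the constructed sample
printf '%s\n' "$SAMPLE_LOG" | blocked_by_source
```

Run it against the real file with `blocked_by_source < /var/adm/messages`; a single source at the top of the list with a large count is the kind of thing worth a second look, while a long tail of one-off entries is usually just background noise.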
Configuring /etc/opt/ipf/ipf.conf

Unix/Linux systems offer a lot of different services to the world around them. Sometimes hackers or script-kiddies can compromise these services and gain root on that system or network. This brings to mind the word 'security', which is one of the most important aspects of computing nowadays. For a reference for newbies on securing a Linux box, check out my last paper on Locking Down Linux Mandrake. Even if you don't run Linux, it's still a good read because it will give you a basic idea of what to look out for security-wise. Now, most ISPs already provide packet filtering that will stop all incoming connections to their dialup systems, so if this is the case, all you have to do is leave the file ipf.conf empty. If you have to set up your own packet filtering, I would think that you would want to allow all outgoing connections and block any incoming connections. All you have to do is set up a set of rules for IP Filter to do just that. Here is an example of ipf.conf:

#
Configuring /etc/opt/ipf/ipnat.conf

To begin using NAT, you will first need to create a NAT configuration file. Run the command

touch /etc/opt/ipf/ipnat.conf

which should then create an empty file called ipnat.conf in that location. Now, all you have to do is edit the file and add in your set of rules. Here is an example of the ipnat.conf file:

#

This file would map all TCP and UDP connections coming from the 10.5.3 network onto a new port with the IP address of the dp0 interface. The IP address of the dp0 interface is assigned dynamically when the connection is made.

Ph33r
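As an added example covering both the ipf.conf and the ipnat.conf sections above (this is not the article's own ruleset, which is not reproduced on the page), the script below writes the two files and reloads IPF. The ipf.conf allows everything outbound on dp0 with state kept so replies come back, trusts the loopback interface, drops inbound packets claiming a 10.5.3.0/24 source (which can only be spoofed on the outside interface), and blocks and logs everything else inbound so ipmon sees it. The ipnat.conf maps the 10.5.3.0/24 network out through dp0, with "0/32" telling ipnat to use whatever address the interface has at the time, which is what the text describes for a dynamically assigned dial-up address. The interface name dp0 and the /etc/opt/ipf directory come from the article; the IPF_DIR and EXT_IF overrides and the port range 10000:20000 are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): write an ipf.conf that allows
# outbound and blocks inbound on the external interface, plus an ipnat.conf
# that hides 10.5.3.0/24 behind that interface's current address, then
# reload IPF if the tools are present. Assumed defaults: external interface
# dp0 and config directory /etc/opt/ipf, both overridable for a dry run.
IPF_DIR="${IPF_DIR:-/etc/opt/ipf}"
EXT_IF="${EXT_IF:-dp0}"

write_ipf_conf() {
  cat > "$1" <<EOF
# Loopback is trusted
pass in quick on lo0 all
pass out quick on lo0 all
# Inbound packets claiming an internal source address are spoofed: drop them
block in log quick on $EXT_IF from 10.5.3.0/24 to any
# Allow everything outbound and keep state so the replies are let back in
pass out quick on $EXT_IF proto tcp from any to any flags S keep state
pass out quick on $EXT_IF proto udp from any to any keep state
pass out quick on $EXT_IF proto icmp from any to any keep state
# Everything else inbound is blocked and logged (this is what ipmon reports)
block in log quick on $EXT_IF all
EOF
}

write_ipnat_conf() {
  cat > "$1" <<EOF
# Map the 10.5.3.0/24 network out of $EXT_IF; 0/32 means "use whatever address
# the interface has when the packet leaves", which suits a dial-up link
map $EXT_IF 10.5.3.0/24 -> 0/32 portmap tcp/udp 10000:20000
map $EXT_IF 10.5.3.0/24 -> 0/32
EOF
}

# Write both files and, when ipf/ipnat exist on this host, flush the old
# rules and load the new ones (ipf -Fa flushes all, ipnat -CF clears and
# flushes the NAT tables before loading).
install_rules() {
  mkdir -p "$IPF_DIR"
  write_ipf_conf "$IPF_DIR/ipf.conf"
  write_ipnat_conf "$IPF_DIR/ipnat.conf"
  if command -v ipf >/dev/null 2>&1 && command -v ipnat >/dev/null 2>&1; then
    ipf -Fa -f "$IPF_DIR/ipf.conf"
    ipnat -CF -f "$IPF_DIR/ipnat.conf"
  fi
}

# Number of real rule lines (not blank, not comment) in a config file, so a
# post-install check can confirm the file was written in full
rule_count() {
  grep -c -v -e '^#' -e '^[[:space:]]*$' "$1"
}

# Only apply when explicitly asked, so sourcing the file is harmless
if [ "${1:-}" = "apply" ]; then
  install_rules
fi
```

Preview the result without touching the live system with `IPF_DIR=/tmp/ipf-preview sh install-ipf.sh apply`, then run it as root without the override to install. The "log" keyword on the block rules is what makes the ipmon/syslog setup from the logging note useful; without it, blocked packets are dropped silently.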