[Selectively] Droping Packets
[Selectively] Droping Packets
Droping Packets (Charles Barrasso)
|
Sure you can. Look into compiling support for "Firewall," etc. code in the kernel. Then you get the "ipfwadm" (IP Firewall Admin.) package (available wherever fine free software is sold^H^H^H^Hgiven away.) You then add rules on which traffic to allow your host to accept, which to reject (implies that the host attempting a connection receives feedback in the form of a ICMP error message) and which to ignore (no ICMP error sent.) If such a machine is additionally forwarding traffic between several networks, then the marketing people call this a "Firewall." But you can also be using it just to protect the host itself. There are other solutions that are not so low-level such as the tcpd daemon and configuring well any daemon/service you run on your machine, something to which no firewall can be a substitute. Cheers, José R. Cordones <cord2403@cslab.engr.ccny.cuny.edu> http://www.engr.ccny.cuny.edu/~cordones |