home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

Building Internet Firewalls

Building Internet FirewallsSearch this book
Previous: B.2 Analysis Tools Appendix B
Next: B.4 Proxy Systems Tools

B.3 Packet Filtering Tools

These tools allow you to add packet filtering to a PC or UNIX system.

B.3.1 screend


screend , which was originally written by Jeff Mogul at Digital Equipment Corporation and is now maintained by Paul Vixie, is a package that lets you add packet filtering capabilities to the kernel of BSD -based UNIX systems.

B.3.2 Drawbridge


Drawbridge, by Texas A&M University, is a package that lets you turn a PC (one that is running MS-DOS and has two Ethernet or two FDDI boards) into an IP packet filter. There are three programs: Filter, Filter Compiler, and Filter Manager. Filter is the program that runs on the PC itself. Filter Compiler and Filter Manager are support programs that run on a UNIX box, and allow you to compile the filter lists into the form needed by the PC , and then download them over the Internet to the PC . (Alternatively, you can transfer them to the PC on floppy, if you can write an MS-DOS floppy disk from your UNIX box.)

B.3.3 KarlBridge


The KarlBridge package, by Doug Karl, is a program that runs on a PC with two Ethernet boards. It turns the PC into a packet-filtering bridge.