

Frame/Packet Filtering
A Very Brief Introduction


Prof. David Bernstein
James Madison University

Computer Science Department
bernstdh@jmu.edu


Packet Filter
  • Defined:
    • Software that looks at the header of packets to decide the "fate" of the entire packet
  • Possible "Fates":
    • Deny - discard the packet
    • Accept
    • Reject - discard but inform the source
Why Filter Packets?
  • Control/Management:
    • Allow/disallow incoming packets from certain locations
    • Allow/disallow outgoing packets to certain locations
  • Security:
    • Limit access to services
    • Log abnormal events
Packet Filtering in Linux
  • How?
    • In the kernel
    • Controlled using iptables
  • Configuration Using iptables -t filter:
    • -A INPUT
    • -A OUTPUT
    • -s source address
    • -d destination address
    • -i incoming interface
    • -o outgoing interface
    • -p tcp | udp | icmp
    • -m mac --mac-source source MAC address
    • -j ACCEPT | DROP | REJECT | LOG
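
The options listed above combine into rules like the following. This is an added example, not the course's filtering.txt or any code from the original slides; the interface name, addresses, MAC address and the names `IPT` and `build_rules` are constructed assumptions. By default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the slides). Dry run by default: every rule is
# printed instead of installed. As root, run with IPT=iptables to load them.
IPT="${IPT:-echo iptables}"

# Constructed sample values (assumptions for illustration only).
LAN_IF="eth0"                   # interface facing the local network
ADMIN_NET="192.0.2.0/24"        # RFC 5737 documentation range
ADMIN_MAC="02:00:00:00:00:01"   # locally administered MAC address
BLOCKED_DST="198.51.100.7"      # destination local processes may not reach

build_rules() {
    # Rules in a chain are checked in order; the first terminating match
    # (ACCEPT, DROP, REJECT) decides the fate of the packet.

    # Loopback traffic is always accepted.
    $IPT -t filter -A INPUT -i lo -j ACCEPT

    # Limit access to a service: SSH (tcp/22) only from the admin network.
    $IPT -t filter -A INPUT -i "$LAN_IF" -p tcp -s "$ADMIN_NET" --dport 22 -j ACCEPT

    # Log abnormal events: LOG does not end processing, so the packet
    # falls through to the REJECT rule that follows it.
    $IPT -t filter -A INPUT -p tcp --dport 22 -j LOG --log-prefix "ssh-denied: "
    $IPT -t filter -A INPUT -p tcp --dport 22 -j REJECT

    # Match on the source MAC address: ICMP only from one workstation,
    # all other ICMP is silently discarded.
    $IPT -t filter -A INPUT -i "$LAN_IF" -p icmp -m mac --mac-source "$ADMIN_MAC" -j ACCEPT
    $IPT -t filter -A INPUT -p icmp -j DROP

    # Disallow outgoing packets to one destination, informing the sender.
    $IPT -t filter -A OUTPUT -o "$LAN_IF" -d "$BLOCKED_DST" -j REJECT
}

build_rules
```

A source MAC address can be changed by any host on the local segment, so the MAC match narrows access but does not authenticate the sender. The rules also leave the chain policies at their defaults.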
Packet Filtering in Linux (cont.)

An Example

unixexamples/security/filtering.txt
 
TCP Wrapper
  • Purpose:
    • Handle security of packets that have passed through the filter
  • Configuration:
    • There are two files, hosts.allow and hosts.deny, that include lists of services and who can/can't use them
There's Always More to Learn