This commit was generated by cvs2svn to compensate for changes in r145513,
which included commits to RCS files with non-trunk default branches.
parent a72b0131c9
commit 83b71dcb90
@ -1,98 +0,0 @@
|
||||
BUGS:
|
||||
-----
|
||||
* fix "to <ifname>" bug on FreeBSD 2.2.8
|
||||
fastroute works
|
||||
|
||||
===============================================================================
|
||||
GENERAL:
|
||||
--------
|
||||
|
||||
* support redirection like "rdr tun0 0/32 port 80 ..."
|
||||
|
||||
* use fr_tcpstate() with NAT code for increased NAT usage security or even
|
||||
fr_checkstate() - suspect this is not possible.
|
||||
|
||||
* add another alias for <thishost> for interfaces <thisif>? as well as
|
||||
all IP#'s associated with the box <myaddrs>?
|
||||
|
||||
time permitting:
|
||||
|
||||
* load balancing across interfaces
|
||||
|
||||
* record buffering for TCP/UDP
|
||||
|
||||
* modular application proxying
|
||||
-done
|
||||
|
||||
* allow multiple ip addresses in a source route list for ipsend
|
||||
|
||||
* port IP Filter to Linux
|
||||
Not in this century.
|
||||
|
||||
* document bimap
|
||||
|
||||
* document NAT rule order processing
|
||||
|
||||
* add more docs
|
||||
in progress
|
||||
|
||||
3.4:
|
||||
XDDD. I agree. Bandwidth Shapping and QoS (Quality of Service, AKA
|
||||
traffic priorization) should be *TOP* in the TO DO list.
|
||||
|
||||
* Bandwidth limiting!!!
|
||||
maybe for solaris, otherwise "ALTQ"
|
||||
* More examples
|
||||
* More documentation
|
||||
* Load balancing features added to the NAT code, so that I can have
|
||||
something coming in for 20.20.20.20:80 and it gets shuffled around between
|
||||
internal addresses 10.10.10.1:8000 and 10.10.10.2:8000. or whatever.
|
||||
- done, stage 1 (round robin/split)
|
||||
The one thing that Cisco's PIX has on IPF that I can see is that
|
||||
rewrites the sequence numbers with semi-random ones.
|
||||
- done
|
||||
|
||||
I would also love to see a more extensive NAT. It can choose to do
|
||||
rdr and map based on saddr, daddr, sport and dport. (Does the kernel
|
||||
module already have functionality for that and it just needs support in
|
||||
the userland ipnat?)
|
||||
-sort of done
|
||||
|
||||
* intrusion detection
|
||||
detection of port scans
|
||||
detection of multiple connection attempts
|
||||
|
||||
* support for multiple log files
|
||||
i.e. all connections to ftp and telnet logged to
|
||||
a seperate log file
|
||||
|
||||
* multiple levels of log severity with E-mail notification
|
||||
of intrusion alerts or other high priority errors
|
||||
|
||||
* poison pill facility
|
||||
after detection of a port scan, start sending back
|
||||
large packets of garbage or other packets to
|
||||
otherwise confuse the intruder (ping of death?)
|
||||
|
||||
IPv6:
|
||||
-----
|
||||
* NAT is yet not available, either as a null proxy or address translation
|
||||
|
||||
BSD:
|
||||
* "to <if>" and "to <if>:<ip>" are not supported, but "fastroute" is.
|
||||
|
||||
Solaris:
|
||||
* "to <if>:<ip>" is not supported, but "fastroute" is and "to <if>" are.
|
||||
|
||||
Tru64:
|
||||
------
|
||||
* IPv6 checksum calculation for RST's and ICMP packets is not done (there
|
||||
are routines in the Tru64 kernel to do this but what is the interface?)
|
||||
|
||||
does bimap allow equal sized subnets?
|
||||
|
||||
make return-icmp 'intelligent' if no type is given about what type to use?
|
||||
|
||||
reply-to - enforce packets to pass through interfaces in particular
|
||||
combinations - opposite to "to", set reverse path interface
|
||||
|
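Review bot: this deletion drops the only visible record of several current limitations together with the wish list, and the commit message says nothing about it. The entries near the end of the hunk describe present behaviour rather than future work: IPv6 "NAT is yet not available", "to <if>" and "to <if>:<ip>" are not supported on BSD, and on Tru64 "IPv6 checksum calculation for RST's and ICMP packets is not done". Move those into the user documentation or a known-limitations file before the list is removed, and keep the open questions at the bottom (whether bimap allows equal sized subnets, the default type for return-icmp) somewhere they can still be answered.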
@ -1,121 +0,0 @@
|
||||
Script started on Mon Apr 25 17:24:29 2005
|
||||
/sbin /usr/sbin /bin /usr/bin /etc /usr/sbin
|
||||
FreeBSD FreeBSD/i386.6.0 on /dev/ttyp0
|
||||
tcsh
|
||||
.cshrc
|
||||
(.cshrc)
|
||||
-done.
|
||||
/bin /sbin /etc /usr/bin /usr/sbin /usr/games
|
||||
.cshrc done
|
||||
TERM = vt100
|
||||
/usr/X11R6/man /usr/share/man
|
||||
(freebsd6:~) cd /usr/src/sy[K[Kcontrib/ipfilter
|
||||
(freebsd6:/usr/src/contrib/ipfilter) l
|
||||
./ ip_compat.h ipf.h
|
||||
../ ip_fil.c ipl.h
|
||||
.cvsignore ip_fil.h iplang/
|
||||
BNF ip_fil_freebsd.c ipmon.h
|
||||
BSD/ ip_frag.c ipsd/
|
||||
BugReport ip_frag.h ipsend/
|
||||
CVS/ ip_ftp_pxy.c ipt.h
|
||||
FAQ.FreeBSD ip_h323_pxy.c kmem.h
|
||||
FWTK/ ip_htable.c l4check/
|
||||
FreeBSD/ ip_htable.h lib/
|
||||
FreeBSD-2.2/ ip_ipsec_pxy.c man/
|
||||
FreeBSD-3/ ip_irc_pxy.c md5.c
|
||||
FreeBSD-4.0/ ip_log.c md5.h
|
||||
HISTORY ip_lookup.c mkfilters
|
||||
IMPORTANT ip_lookup.h mlf_ipl.c
|
||||
INST.FreeBSD-2.2 ip_msnrpc_pxy.c mlf_rule.c
|
||||
INSTALL.FreeBSD ip_nat.c mlfk_ipl.c
|
||||
INSTALL.xBSD ip_nat.h mlfk_rule.c
|
||||
IPF.KANJI ip_netbios_pxy.c mlh_rule.c
|
||||
IPFILTER.LICENCE ip_pool.c net/
|
||||
Makefile ip_pool.h netinet/
|
||||
NAT.FreeBSD ip_pptp_pxy.c opts.h
|
||||
QNX_OCL.txt ip_proxy.c pcap-ipf.h
|
||||
README ip_proxy.h perl/
|
||||
STYLE.TXT ip_raudio_pxy.c radix.c
|
||||
WhatsNew40.txt ip_rcmd_pxy.c radix_ipf.h
|
||||
Y2K ip_rpcb_pxy.c rules/
|
||||
bpf-ipf.h ip_rules.c samples/
|
||||
bpf_filter.c ip_rules.h snoop.h
|
||||
bsdinstall ip_scan.c test/
|
||||
buildsunos ip_scan.h todo
|
||||
etc/ ip_state.c tools/
|
||||
fil.c ip_state.h typescript
|
||||
ip_auth.c ip_sync.c
|
||||
ip_auth.h ip_sync.h
|
||||
(freebsd6:/usr/src/contrib/ipfilter) l CVS
|
||||
./ Entries Repository
|
||||
../ Entries.Log Root
|
||||
(freebsd6:/usr/src/contrib/ipfilter) \rm -rf CVS
|
||||
(freebsd6:/usr/src/contrib/ipfilter) l
|
||||
./ ip_compat.h ip_sync.h
|
||||
../ ip_fil.c ipf.h
|
||||
.cvsignore ip_fil.h ipl.h
|
||||
BNF ip_fil_freebsd.c iplang/
|
||||
BSD/ ip_frag.c ipmon.h
|
||||
BugReport ip_frag.h ipsd/
|
||||
FAQ.FreeBSD ip_ftp_pxy.c ipsend/
|
||||
FWTK/ ip_h323_pxy.c ipt.h
|
||||
FreeBSD/ ip_htable.c kmem.h
|
||||
FreeBSD-2.2/ ip_htable.h l4check/
|
||||
FreeBSD-3/ ip_ipsec_pxy.c lib/
|
||||
FreeBSD-4.0/ ip_irc_pxy.c man/
|
||||
HISTORY ip_log.c md5.c
|
||||
IMPORTANT ip_lookup.c md5.h
|
||||
INST.FreeBSD-2.2 ip_lookup.h mkfilters
|
||||
INSTALL.FreeBSD ip_msnrpc_pxy.c mlf_ipl.c
|
||||
INSTALL.xBSD ip_nat.c mlf_rule.c
|
||||
IPF.KANJI ip_nat.h mlfk_ipl.c
|
||||
IPFILTER.LICENCE ip_netbios_pxy.c mlfk_rule.c
|
||||
Makefile ip_pool.c mlh_rule.c
|
||||
NAT.FreeBSD ip_pool.h net/
|
||||
QNX_OCL.txt ip_pptp_pxy.c netinet/
|
||||
README ip_proxy.c opts.h
|
||||
STYLE.TXT ip_proxy.h pcap-ipf.h
|
||||
WhatsNew40.txt ip_raudio_pxy.c perl/
|
||||
Y2K ip_rcmd_pxy.c radix.c
|
||||
bpf-ipf.h ip_rpcb_pxy.c radix_ipf.h
|
||||
bpf_filter.c ip_rules.c rules/
|
||||
bsdinstall ip_rules.h samples/
|
||||
buildsunos ip_scan.c snoop.h
|
||||
etc/ ip_scan.h test/
|
||||
fil.c ip_state.c todo
|
||||
ip_auth.c ip_state.h tools/
|
||||
ip_auth.h ip_sync.c typescript
|
||||
(freebsd6:/usr/src/contrib/ipfilter) cd ..
|
||||
(freebsd6:/usr/src/contrib) mv ipfilter ipfilter.i
|
||||
(freebsd6:/usr/src/contrib) cd !$ipfilter.i
|
||||
(freebsd6:/usr/src/contrib/ipfilter.i) l */CVS
|
||||
/bin/ls: No match.
|
||||
(freebsd6:/usr/src/contrib/ipfilter.i) cvs m[K[K
|
||||
(freebsd6:/usr/src/contrib/ipfilter.i) cvs import[10D[K
|
||||
(freebsd6:/usr/src/contrib/ipfilter.i) ~
|
||||
/home/darrenr: Permission denied.
|
||||
(freebsd6:/usr/src/contrib/ipfilter.i) ~[K
|
||||
(freebsd6:/usr/src/contrib/ipfilter.i) suspend
|
||||
(freebsd6:/usr/src/contrib/ipfilter.i) history
|
||||
1 17:24 cd /usr/src/contrib/ipfilter
|
||||
2 17:24 l
|
||||
3 17:24 l CVS
|
||||
4 17:24 \rm -rf CVS
|
||||
5 17:24 l
|
||||
6 17:24 cd ..
|
||||
7 17:24 mv ipfilter ipfilter.i
|
||||
8 17:24 cd ipfilter.i
|
||||
9 17:24 l */CVS
|
||||
10 17:25 ~
|
||||
11 17:25 suspend
|
||||
12 17:25 history
|
||||
(freebsd6:/usr/src/contrib/ipfilter.i)
|
||||
(freebsd6:/usr/src/contrib/ipfilter.i) kill -STOP $$
|
||||
|
||||
^C
|
||||
c
|
||||
|
||||
|
||||
[K(freebsd6:/usr/src/contrib/ipfilter.i)
|
||||
(freebsd6:/usr/src/contrib/ipfilter.i) c
|
||||
|
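Review bot: the content removed here is a terminal session capture rather than source ("Script started on Mon Apr 25 17:24:29 2005"), and it discloses a host name, a home directory path ("/home/darrenr: Permission denied.") and the shell history, including "\rm -rf CVS". Deleting it is right, but the commit message gives no hint that a stray capture was sitting in the tree, so say that in the log. Since "typescript" shows up in both directory listings alongside ".cvsignore", add it to the ignore file so a later import does not pick it up again.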