This commit was generated by cvs2svn to compensate for changes in r145513,
which included commits to RCS files with non-trunk default branches.
Darren Reed 2005-04-25 17:40:37 +00:00
parent a72b0131c9
commit 83b71dcb90
2 changed files with 0 additions and 219 deletions

@ -1,98 +0,0 @@
BUGS:
-----
* fix "to <ifname>" bug on FreeBSD 2.2.8
fastroute works
===============================================================================
GENERAL:
--------
* support redirection like "rdr tun0 0/32 port 80 ..."
* use fr_tcpstate() with NAT code for increased NAT usage security or even
fr_checkstate() - suspect this is not possible.
* add another alias for <thishost> for interfaces <thisif>? as well as
all IP#'s associated with the box <myaddrs>?
time permitting:
* load balancing across interfaces
* record buffering for TCP/UDP
* modular application proxying
-done
* allow multiple ip addresses in a source route list for ipsend
* port IP Filter to Linux
Not in this century.
* document bimap
* document NAT rule order processing
* add more docs
in progress
3.4:
XDDD. I agree. Bandwidth Shapping and QoS (Quality of Service, AKA
traffic priorization) should be *TOP* in the TO DO list.
* Bandwidth limiting!!!
maybe for solaris, otherwise "ALTQ"
* More examples
* More documentation
* Load balancing features added to the NAT code, so that I can have
something coming in for 20.20.20.20:80 and it gets shuffled around between
internal addresses 10.10.10.1:8000 and 10.10.10.2:8000. or whatever.
- done, stage 1 (round robin/split)
The one thing that Cisco's PIX has on IPF that I can see is that
rewrites the sequence numbers with semi-random ones.
- done
I would also love to see a more extensive NAT. It can choose to do
rdr and map based on saddr, daddr, sport and dport. (Does the kernel
module already have functionality for that and it just needs support in
the userland ipnat?)
-sort of done
* intrusion detection
detection of port scans
detection of multiple connection attempts
* support for multiple log files
i.e. all connections to ftp and telnet logged to
a seperate log file
* multiple levels of log severity with E-mail notification
of intrusion alerts or other high priority errors
* poison pill facility
after detection of a port scan, start sending back
large packets of garbage or other packets to
otherwise confuse the intruder (ping of death?)
IPv6:
-----
* NAT is yet not available, either as a null proxy or address translation
BSD:
* "to <if>" and "to <if>:<ip>" are not supported, but "fastroute" is.
Solaris:
* "to <if>:<ip>" is not supported, but "fastroute" is and "to <if>" are.
Tru64:
------
* IPv6 checksum calculation for RST's and ICMP packets is not done (there
are routines in the Tru64 kernel to do this but what is the interface?)
does bimap allow equal sized subnets?
make return-icmp 'intelligent' if no type is given about what type to use?
reply-to - enforce packets to pass through interfaces in particular
combinations - opposite to "to", set reverse path interface
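Review bot: the platform entries at the end of the removed list (IPv6, BSD, Solaris, Tru64) and the open BUGS item at the top should be preserved somewhere before this file goes, because they read as current limitations rather than wishes: `"to <if>" and "to <if>:<ip>" are not supported, but "fastroute" is` under BSD, and `NAT is yet not available` under IPv6. The commit message says only that this is a cvs2svn compensation commit, so please confirm a copy of the list survives on the branch the import came from, or move those notes into the documentation, since they name rule keywords that do not work on a given platform.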

@ -1,121 +0,0 @@
Script started on Mon Apr 25 17:24:29 2005
/sbin /usr/sbin /bin /usr/bin /etc /usr/sbin
FreeBSD FreeBSD/i386.6.0 on /dev/ttyp0
tcsh
.cshrc
(.cshrc)
-done.
/bin /sbin /etc /usr/bin /usr/sbin /usr/games
.cshrc done
TERM = vt100
/usr/X11R6/man /usr/share/man
(freebsd6:~) cd /usr/src/sycontrib/ipfilter
(freebsd6:/usr/src/contrib/ipfilter) l
./ ip_compat.h ipf.h
../ ip_fil.c ipl.h
.cvsignore ip_fil.h iplang/
BNF ip_fil_freebsd.c ipmon.h
BSD/ ip_frag.c ipsd/
BugReport ip_frag.h ipsend/
CVS/ ip_ftp_pxy.c ipt.h
FAQ.FreeBSD ip_h323_pxy.c kmem.h
FWTK/ ip_htable.c l4check/
FreeBSD/ ip_htable.h lib/
FreeBSD-2.2/ ip_ipsec_pxy.c man/
FreeBSD-3/ ip_irc_pxy.c md5.c
FreeBSD-4.0/ ip_log.c md5.h
HISTORY ip_lookup.c mkfilters
IMPORTANT ip_lookup.h mlf_ipl.c
INST.FreeBSD-2.2 ip_msnrpc_pxy.c mlf_rule.c
INSTALL.FreeBSD ip_nat.c mlfk_ipl.c
INSTALL.xBSD ip_nat.h mlfk_rule.c
IPF.KANJI ip_netbios_pxy.c mlh_rule.c
IPFILTER.LICENCE ip_pool.c net/
Makefile ip_pool.h netinet/
NAT.FreeBSD ip_pptp_pxy.c opts.h
QNX_OCL.txt ip_proxy.c pcap-ipf.h
README ip_proxy.h perl/
STYLE.TXT ip_raudio_pxy.c radix.c
WhatsNew40.txt ip_rcmd_pxy.c radix_ipf.h
Y2K ip_rpcb_pxy.c rules/
bpf-ipf.h ip_rules.c samples/
bpf_filter.c ip_rules.h snoop.h
bsdinstall ip_scan.c test/
buildsunos ip_scan.h todo
etc/ ip_state.c tools/
fil.c ip_state.h typescript
ip_auth.c ip_sync.c
ip_auth.h ip_sync.h
(freebsd6:/usr/src/contrib/ipfilter) l CVS
./ Entries Repository
../ Entries.Log Root
(freebsd6:/usr/src/contrib/ipfilter) \rm -rf CVS
(freebsd6:/usr/src/contrib/ipfilter) l
./ ip_compat.h ip_sync.h
../ ip_fil.c ipf.h
.cvsignore ip_fil.h ipl.h
BNF ip_fil_freebsd.c iplang/
BSD/ ip_frag.c ipmon.h
BugReport ip_frag.h ipsd/
FAQ.FreeBSD ip_ftp_pxy.c ipsend/
FWTK/ ip_h323_pxy.c ipt.h
FreeBSD/ ip_htable.c kmem.h
FreeBSD-2.2/ ip_htable.h l4check/
FreeBSD-3/ ip_ipsec_pxy.c lib/
FreeBSD-4.0/ ip_irc_pxy.c man/
HISTORY ip_log.c md5.c
IMPORTANT ip_lookup.c md5.h
INST.FreeBSD-2.2 ip_lookup.h mkfilters
INSTALL.FreeBSD ip_msnrpc_pxy.c mlf_ipl.c
INSTALL.xBSD ip_nat.c mlf_rule.c
IPF.KANJI ip_nat.h mlfk_ipl.c
IPFILTER.LICENCE ip_netbios_pxy.c mlfk_rule.c
Makefile ip_pool.c mlh_rule.c
NAT.FreeBSD ip_pool.h net/
QNX_OCL.txt ip_pptp_pxy.c netinet/
README ip_proxy.c opts.h
STYLE.TXT ip_proxy.h pcap-ipf.h
WhatsNew40.txt ip_raudio_pxy.c perl/
Y2K ip_rcmd_pxy.c radix.c
bpf-ipf.h ip_rpcb_pxy.c radix_ipf.h
bpf_filter.c ip_rules.c rules/
bsdinstall ip_rules.h samples/
buildsunos ip_scan.c snoop.h
etc/ ip_scan.h test/
fil.c ip_state.c todo
ip_auth.c ip_state.h tools/
ip_auth.h ip_sync.c typescript
(freebsd6:/usr/src/contrib/ipfilter) cd ..
(freebsd6:/usr/src/contrib) mv ipfilter ipfilter.i
(freebsd6:/usr/src/contrib) cd !$ipfilter.i
(freebsd6:/usr/src/contrib/ipfilter.i) l */CVS
/bin/ls: No match.
(freebsd6:/usr/src/contrib/ipfilter.i) cvs m
(freebsd6:/usr/src/contrib/ipfilter.i) cvs import
(freebsd6:/usr/src/contrib/ipfilter.i) ~
/home/darrenr: Permission denied.
(freebsd6:/usr/src/contrib/ipfilter.i) ~
(freebsd6:/usr/src/contrib/ipfilter.i) suspend
(freebsd6:/usr/src/contrib/ipfilter.i) history
1 17:24 cd /usr/src/contrib/ipfilter
2 17:24 l
3 17:24 l CVS
4 17:24 \rm -rf CVS
5 17:24 l
6 17:24 cd ..
7 17:24 mv ipfilter ipfilter.i
8 17:24 cd ipfilter.i
9 17:24 l */CVS
10 17:25 ~
11 17:25 suspend
12 17:25 history
(freebsd6:/usr/src/contrib/ipfilter.i)
(freebsd6:/usr/src/contrib/ipfilter.i) kill -STOP $$
^C
c
(freebsd6:/usr/src/contrib/ipfilter.i)
(freebsd6:/usr/src/contrib/ipfilter.i) c
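Review bot: nothing in this change keeps a recorded shell session from being imported into the tree again. The removed lines, from `Script started on Mon Apr 25 17:24:29 2005` to the end, are terminal output rather than source, and they carry the host name, a home directory path (`/home/darrenr: Permission denied.`) and the shell history, so the deletion itself is right. The session's own `l` output lists a `typescript` file next to `.cvsignore` in the import directory; adding `typescript` to that ignore file, or deleting the recording before `cvs import` is run, would prevent a repeat.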