User Level Firewall

Yusuf Motiwala (yusuf@scientist.com)
Mon, 16 Mar 1998 08:59:56 +0000


Hi,

The following changes have been made in the linux-2.0.33 firewall code:

1. Add skb to call_*_firewall functions. This enables one to have more
control over the packets. This also simplifies the interface for
protocol level encryption like SKIP for IP.

2. Add support for User Level Firewall (ULF). The User Level Firewall
can be used to grant or deny access on a host-based firewall based on
the user. This is very useful for host-based firewalls on many public
and corporate servers that have many users with different priorities.

A Linux kernel patch for the User Level Firewall (ULF) is now available.
More information about ULF and the patch can be downloaded from:

http://www.geocities.com/SiliconValley/Park/4863/ulf.html

We invite all to try out this patch. It has been tested by others and
myself, and no bugs or instability have been found so far.

Regards,
Yusuf

-------------------------------------------------------------------------
What is USER LEVEL FIREWALL (ULF)?

Linux and other operating systems include facilities for kernel-level
packet filtering. This filtering is based on networking rules such as
source and destination addresses, services, network device etc. This is
fine for a network firewall. However, for a host-based firewall, it is
often necessary to grant or deny access based on the user. This is true
for many public or corporate servers. The current firewall facilities do
not address this issue, and hence the concept of a User Level Firewall
is useful in these situations.

The User Level Firewall is an extension to the current firewall
facilities and hence it has all the capabilities of the current firewall
implementation in addition to the User Level Firewall. It checks the
packets for the ownership based on UID or GID and decides whether to
allow or block the packet.
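
A minimal user-space model of the decision described above, added as an illustration; it is not code from the ULF patch. The rule layout, the field and function names, the wildcard value and the first-match ordering are all assumptions made for the example.

```c
#include <stdint.h>

/* Wildcard for owner fields. 0 cannot be used: uid 0 is root. */
#define ANY_ID 0xFFFFFFFFu

enum verdict { FW_BLOCK = 0, FW_ACCEPT = 1 };

/* Hypothetical rule: classic network match extended with an owner match. */
struct ulf_rule {
    uint32_t daddr, dmask;  /* destination network and mask, host byte order */
    uint16_t dport;         /* 0 = any port */
    uint32_t uid, gid;      /* ANY_ID = field not tested */
    enum verdict action;
};

/* Hypothetical packet summary: header fields plus the sending socket's owner. */
struct pkt_info { uint32_t daddr; uint16_t dport; uint32_t uid, gid; };

static int rule_matches(const struct ulf_rule *r, const struct pkt_info *p)
{
    if ((p->daddr & r->dmask) != (r->daddr & r->dmask)) return 0;
    if (r->dport && r->dport != p->dport) return 0;
    if (r->uid != ANY_ID && r->uid != p->uid) return 0;
    if (r->gid != ANY_ID && r->gid != p->gid) return 0;
    return 1;
}

/* First matching rule decides; otherwise the default policy applies. */
enum verdict ulf_check(const struct ulf_rule *rules, int n,
                       const struct pkt_info *p, enum verdict policy)
{
    for (int i = 0; i < n; i++)
        if (rule_matches(&rules[i], p))
            return rules[i].action;
    return policy;
}

/* Constructed sample chain: uid 1001 is blocked everywhere; only gid 100
 * may reach port 25 on 10.0.0.0/8; everything else falls to the policy. */
static const struct ulf_rule sample_chain[] = {
    { 0,           0,           0,  1001,   ANY_ID, FW_BLOCK  },
    { 0x0A000000u, 0xFF000000u, 25, ANY_ID, 100,    FW_ACCEPT },
    { 0x0A000000u, 0xFF000000u, 25, ANY_ID, ANY_ID, FW_BLOCK  },
};

enum verdict sample_verdict(uint32_t daddr, uint16_t dport, uint32_t uid, uint32_t gid)
{
    struct pkt_info p = { daddr, dport, uid, gid };
    return ulf_check(sample_chain, 3, &p, FW_ACCEPT);
}
```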
