[fw-wiz] Firewalls for IRIX.

Darren Reed darrenr@reed.wattle.id.au
Fri, 15 Jun 2001 14:14:56 +1000 (EST)


In some email I received from Swift Griggs, sie wrote:
> 	Currently I'm playing with an SGI Challenge S pretty much just for
> the novelty of the experience. I've got several SGI systems, and I've
> noticed that there are really only two packet filtering/mangling options
> available. The first is the ipfilterd that comes with IRIX. The second is
> Darren Reed's excellent ipfilter package. Unfortunately it only works with
> an unpatched IRIX 6.2 machine. I'd rather go with 6.5 since it has SACK,
> randomized ISNs (tcpiss_md5 = 1), and other nice optimizations to security
> and performance. So,
> 
> 	* Are there any options for 6.5 ?
> 	* Can 6.2 be patched for random ISN's ?
> 	* Can 6.2 be patched for more control over performance (more
> 		systune params like 6.5 has) ?
> 	* Anyone heard rumblings of ipfilter for 6.5 (Darren?)

I've got an Indy next to me here, at home, which I've been working on
occasionally to get IPFilter working on 6.5.  The current stumbling
block in progress there has been panic's when using kernel locking
and I've not looked at it in a good few months now.  Hmmm, I'm trying
to remember if there was some reason I stopped (like rm'd the wrong
file by mistake...)

Cheers,
Darren