Vol 71 Issue 1 2004-01-05 Article 11855 from section "SysAdmin's Section"

Excellent Features, OS Portability
along with OS portability

IP Filter, also known as ipfilter or ipf, offers excellent features
along with OS portability for sites that need to protect heterogeneous
environments. It performs a combination of stateful packet filtering and
Network Address Translation (NAT) to protect a network's routers and
individual hosts.

With the capability of running on several types of operating systems,
including Solaris[TM] Operating System (Solaris OS) (SPARC[R] and x86
Platform Editions) and SunOS[TM], the portion of the IP Filter that
interacts with the kernel can be compiled into the kernel itself,
compiled as a standalone kernel module, or both (but only one at a
time), depending on the OS. Under the Solaris OS, ipfilter is loaded as
a kernel module with the modload command.

If the target machine runs a 64-bit kernel, a 64-bit-capable compiler is
required with this filter.

The ipfilter package consists of several programs, including the ipf,
ipnat, ipfs, ipmon, ipfstat, ipftest, iptest, ipsend and ipresend.

Several tools are available for debugging and fine tuning if packets
that you think should make it past your filter are blocked or some
mapping doesn't appear to be translated. One is the NAT/filter log file,
the contents of which is controlled by the ipmon program.

Details at

Have a custom version of 'System News for Sun Users' delivered to you
via email each week in PDF, text or HTML. Only the sections that you
select will be included in your copy of the news magazine. Subscribe at
(c) 2003 System News, Inc.