AS_IPFW 4.1 review
AS_IPFW is designed to be a firewall API, but also has some rulesets that can be used as-is in many situations.
Version 4.0 adds support for kernel-level, iptables-based STEALTH SCAN (TCP half-open) detection -- a first, according to my research with a well-known search engine. It also dramatically slows down TCP FNX (FIN/NULL/XMAS) scans -- by more than 50000%, and UDP scans by more than 65000%! On top of that, it feeds back false information to hinder and confuse hostile actions as much as possible.
Unlike many other firewalls, AS_IPFW does not try to have a solution for every network topology. The AS_IPFW project is more like an API. If you cannot find a ruleset that fits all your needs (and that is what a good firewall should require), you are encouraged to write your own ruleset.
Because every so-called "style" (firewall ruleset) is written, maintained, and optimized by hand, a high degree of performance is achieved by keeping low the number of comparisons needed to reach a verdict on a packet.
A handful of iptables extensions is required (in-kernel, as well as in userspace) -- details are in the GOT_EVERYTHING.txt file within the package.
What's New in This Release:
Support for network segment-based filtering and some warning options were added, and ipt_state is replaced by ipt_conntrack.