From bf14e64afe4f81f662485a23c288ae2cdb3646d2 Mon Sep 17 00:00:00 2001 From: darrenr Date: Mon, 25 Apr 2005 17:40:37 +0000 Subject: these files should never have been imported...they are junk --- contrib/ipfilter/todo | 98 ----------------------------------- contrib/ipfilter/typescript | 121 -------------------------------------------- 2 files changed, 219 deletions(-) delete mode 100644 contrib/ipfilter/todo delete mode 100644 contrib/ipfilter/typescript (limited to 'contrib') diff --git a/contrib/ipfilter/todo b/contrib/ipfilter/todo deleted file mode 100644 index 5b2c059..0000000 --- a/contrib/ipfilter/todo +++ /dev/null @@ -1,98 +0,0 @@ -BUGS: ------ -* fix "to " bug on FreeBSD 2.2.8 -fastroute works - -=============================================================================== -GENERAL: --------- - -* support redirection like "rdr tun0 0/32 port 80 ..." - -* use fr_tcpstate() with NAT code for increased NAT usage security or even - fr_checkstate() - suspect this is not possible. - -* add another alias for for interfaces ? as well as - all IP#'s associated with the box ? - -time permitting: - -* load balancing across interfaces - -* record buffering for TCP/UDP - -* modular application proxying --done - -* allow multiple ip addresses in a source route list for ipsend - -* port IP Filter to Linux -Not in this century. - -* document bimap - -* document NAT rule order processing - -* add more docs -in progress - -3.4: -XDDD. I agree. Bandwidth Shapping and QoS (Quality of Service, AKA -traffic priorization) should be *TOP* in the TO DO list. - -* Bandwidth limiting!!! -maybe for solaris, otherwise "ALTQ" -* More examples -* More documentation -* Load balancing features added to the NAT code, so that I can have -something coming in for 20.20.20.20:80 and it gets shuffled around between -internal addresses 10.10.10.1:8000 and 10.10.10.2:8000. or whatever. -- done, stage 1 (round robin/split) -The one thing that Cisco's PIX has on IPF that I can see is that -rewrites the sequence numbers with semi-random ones. -- done - -I would also love to see a more extensive NAT. It can choose to do -rdr and map based on saddr, daddr, sport and dport. (Does the kernel -module already have functionality for that and it just needs support in -the userland ipnat?) --sort of done - - * intrusion detection - detection of port scans - detection of multiple connection attempts - - * support for multiple log files - i.e. all connections to ftp and telnet logged to - a seperate log file - - * multiple levels of log severity with E-mail notification - of intrusion alerts or other high priority errors - - * poison pill facility - after detection of a port scan, start sending back - large packets of garbage or other packets to - otherwise confuse the intruder (ping of death?) - -IPv6: ------ -* NAT is yet not available, either as a null proxy or address translation - -BSD: -* "to " and "to :" are not supported, but "fastroute" is. - -Solaris: -* "to :" is not supported, but "fastroute" is and "to " are. - -Tru64: ------- -* IPv6 checksum calculation for RST's and ICMP packets is not done (there - are routines in the Tru64 kernel to do this but what is the interface?) - -does bimap allow equal sized subnets? - -make return-icmp 'intelligent' if no type is given about what type to use? - -reply-to - enforce packets to pass through interfaces in particular -combinations - opposite to "to", set reverse path interface - diff --git a/contrib/ipfilter/typescript b/contrib/ipfilter/typescript deleted file mode 100644 index 1446ac4..0000000 --- a/contrib/ipfilter/typescript +++ /dev/null @@ -1,121 +0,0 @@ -Script started on Mon Apr 25 17:24:29 2005 -/sbin /usr/sbin /bin /usr/bin /etc /usr/sbin -FreeBSD FreeBSD/i386.6.0 on /dev/ttyp0 -tcsh -.cshrc -(.cshrc) --done. -/bin /sbin /etc /usr/bin /usr/sbin /usr/games -.cshrc done -TERM = vt100 -/usr/X11R6/man /usr/share/man -(freebsd6:~) cd /usr/src/sycontrib/ipfilter -(freebsd6:/usr/src/contrib/ipfilter) l -./ ip_compat.h ipf.h -../ ip_fil.c ipl.h -.cvsignore ip_fil.h iplang/ -BNF ip_fil_freebsd.c ipmon.h -BSD/ ip_frag.c ipsd/ -BugReport ip_frag.h ipsend/ -CVS/ ip_ftp_pxy.c ipt.h -FAQ.FreeBSD ip_h323_pxy.c kmem.h -FWTK/ ip_htable.c l4check/ -FreeBSD/ ip_htable.h lib/ -FreeBSD-2.2/ ip_ipsec_pxy.c man/ -FreeBSD-3/ ip_irc_pxy.c md5.c -FreeBSD-4.0/ ip_log.c md5.h -HISTORY ip_lookup.c mkfilters -IMPORTANT ip_lookup.h mlf_ipl.c -INST.FreeBSD-2.2 ip_msnrpc_pxy.c mlf_rule.c -INSTALL.FreeBSD ip_nat.c mlfk_ipl.c -INSTALL.xBSD ip_nat.h mlfk_rule.c -IPF.KANJI ip_netbios_pxy.c mlh_rule.c -IPFILTER.LICENCE ip_pool.c net/ -Makefile ip_pool.h netinet/ -NAT.FreeBSD ip_pptp_pxy.c opts.h -QNX_OCL.txt ip_proxy.c pcap-ipf.h -README ip_proxy.h perl/ -STYLE.TXT ip_raudio_pxy.c radix.c -WhatsNew40.txt ip_rcmd_pxy.c radix_ipf.h -Y2K ip_rpcb_pxy.c rules/ -bpf-ipf.h ip_rules.c samples/ -bpf_filter.c ip_rules.h snoop.h -bsdinstall ip_scan.c test/ -buildsunos ip_scan.h todo -etc/ ip_state.c tools/ -fil.c ip_state.h typescript -ip_auth.c ip_sync.c -ip_auth.h ip_sync.h -(freebsd6:/usr/src/contrib/ipfilter) l CVS -./ Entries Repository -../ Entries.Log Root -(freebsd6:/usr/src/contrib/ipfilter) \rm -rf CVS -(freebsd6:/usr/src/contrib/ipfilter) l -./ ip_compat.h ip_sync.h -../ ip_fil.c ipf.h -.cvsignore ip_fil.h ipl.h -BNF ip_fil_freebsd.c iplang/ -BSD/ ip_frag.c ipmon.h -BugReport ip_frag.h ipsd/ -FAQ.FreeBSD ip_ftp_pxy.c ipsend/ -FWTK/ ip_h323_pxy.c ipt.h -FreeBSD/ ip_htable.c kmem.h -FreeBSD-2.2/ ip_htable.h l4check/ -FreeBSD-3/ ip_ipsec_pxy.c lib/ -FreeBSD-4.0/ ip_irc_pxy.c man/ -HISTORY ip_log.c md5.c -IMPORTANT ip_lookup.c md5.h -INST.FreeBSD-2.2 ip_lookup.h mkfilters -INSTALL.FreeBSD ip_msnrpc_pxy.c mlf_ipl.c -INSTALL.xBSD ip_nat.c mlf_rule.c -IPF.KANJI ip_nat.h mlfk_ipl.c -IPFILTER.LICENCE ip_netbios_pxy.c mlfk_rule.c -Makefile ip_pool.c mlh_rule.c -NAT.FreeBSD ip_pool.h net/ -QNX_OCL.txt ip_pptp_pxy.c netinet/ -README ip_proxy.c opts.h -STYLE.TXT ip_proxy.h pcap-ipf.h -WhatsNew40.txt ip_raudio_pxy.c perl/ -Y2K ip_rcmd_pxy.c radix.c -bpf-ipf.h ip_rpcb_pxy.c radix_ipf.h -bpf_filter.c ip_rules.c rules/ -bsdinstall ip_rules.h samples/ -buildsunos ip_scan.c snoop.h -etc/ ip_scan.h test/ -fil.c ip_state.c todo -ip_auth.c ip_state.h tools/ -ip_auth.h ip_sync.c typescript -(freebsd6:/usr/src/contrib/ipfilter) cd .. -(freebsd6:/usr/src/contrib) mv ipfilter ipfilter.i -(freebsd6:/usr/src/contrib) cd !$ipfilter.i -(freebsd6:/usr/src/contrib/ipfilter.i) l */CVS -/bin/ls: No match. -(freebsd6:/usr/src/contrib/ipfilter.i) cvs m -(freebsd6:/usr/src/contrib/ipfilter.i) cvs import -(freebsd6:/usr/src/contrib/ipfilter.i) ~ -/home/darrenr: Permission denied. -(freebsd6:/usr/src/contrib/ipfilter.i) ~ -(freebsd6:/usr/src/contrib/ipfilter.i) suspend -(freebsd6:/usr/src/contrib/ipfilter.i) history - 1 17:24 cd /usr/src/contrib/ipfilter - 2 17:24 l - 3 17:24 l CVS - 4 17:24 \rm -rf CVS - 5 17:24 l - 6 17:24 cd .. - 7 17:24 mv ipfilter ipfilter.i - 8 17:24 cd ipfilter.i - 9 17:24 l */CVS - 10 17:25 ~ - 11 17:25 suspend - 12 17:25 history -(freebsd6:/usr/src/contrib/ipfilter.i) -(freebsd6:/usr/src/contrib/ipfilter.i) kill -STOP $$ - -^C -c - - -(freebsd6:/usr/src/contrib/ipfilter.i) -(freebsd6:/usr/src/contrib/ipfilter.i) c - -- cgit v1.1