Replace Switch with Firewall - Is there some auto-learning tool for firewall requirements?

Thu Nov 15 08:41:39 UTC 2007

Hello List,

Right now we have a "flat" network (one subnet): and

Those two network segments are connected by a bridged Linux box. It is not 
filtering at this point; it's just a switch, really.

Now we would like to keep the "flat" network, for some good reasons, and 
replace the Linux bridge with a bridged firewall (physdev match).

Since I don't want to break the network and its functionality, I thought 
of capturing the current traffic for some time and checking out the IPs, 
ports, etc. which are being used, like the learning mode grsecurity has. 
(I actually find this a very cool idea! ;-) )

Based on the captured information I would like to create my firewall 
rules with firewallbuilder.
I know I have to check the captured rules carefully to make sure I don't 
implement a hole in my firewall setup!

Is there a way or project to capture my firewall requirements? I guess I 
basically need all SYN flags and their destination ports?
How can I get them easily out of the massive traffic each day? Do you 
need more info?

Any ideas are welcome!

Thanks, Mario
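The SYN-and-destination-port extraction asked about above, as an added example that is not part of the original post and not from any project the thread mentions. It is a small Python parser that walks captured Ethernet frames, keeps only TCP connection initiations (SYN set, ACK clear) and UDP datagrams, tallies them per (protocol, destination, port) and client, and renders candidate iptables physdev rules. The frames, addresses, hit counts and bridge port names (eth0/eth1) are constructed for the example; in practice the frames would come from a pcap reader rather than the inline sample list.

```python
import socket
import struct
from collections import defaultdict

# Constants for the frame layout this parser understands.
ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
PROTO_UDP = 17
TCP_SYN = 0x02
TCP_ACK = 0x10


def build_frame(src_ip, dst_ip, proto, sport, dport, tcp_flags=0):
    """Build a minimal Ethernet/IPv4/{TCP,UDP} frame. Used only to construct
    sample input here; checksums are left zero because nothing verifies them."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)  # zeroed MACs
    if proto == PROTO_TCP:
        # sport, dport, seq, ack, data offset (5 words), flags, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)  # UDP header, empty payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + l4


def parse_frame(frame):
    """Return (src, dst, proto_name, sport, dport, tcp_flags) for IPv4 TCP/UDP
    frames, or None for anything else (ARP, IPv6, ICMP, truncated frames)."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4          # header length honours IP options
    proto = ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    l4 = ip[ihl:]
    if proto == PROTO_TCP and len(l4) >= 14:
        sport, dport = struct.unpack("!HH", l4[:4])
        return src, dst, "tcp", sport, dport, l4[13]
    if proto == PROTO_UDP and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
        return src, dst, "udp", sport, dport, 0
    return None


def learn_flows(frames):
    """Learning mode: count connection initiations per (proto, dst, dport) and client.
    For TCP only the first handshake packet (SYN set, ACK clear) counts: SYN/ACKs are
    the server's reply, and mid-stream ACKs belong to flows that began before capture.
    UDP has no handshake, so every datagram is treated as an initiation."""
    flows = defaultdict(lambda: defaultdict(int))
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, proto, _sport, dport, flags = parsed
        if proto == "tcp" and (not flags & TCP_SYN or flags & TCP_ACK):
            continue
        flows[(proto, dst, dport)][src] += 1
    return {key: dict(clients) for key, clients in flows.items()}


def to_iptables(flows, in_if="eth0", out_if="eth1"):
    """Render one allow rule per learned (client, service) pair for a bridged firewall.
    Bridge port names are assumptions; the capture side decides which is --physdev-in.
    The hit count is emitted as a comment so one-off flows (scans, typos) can be
    reviewed before the policy ends with a default DROP."""
    rules = []
    for (proto, dst, dport), clients in sorted(flows.items()):
        for src, hits in sorted(clients.items()):
            rules.append(
                f"iptables -A FORWARD -m physdev --physdev-in {in_if} --physdev-out {out_if} "
                f"-p {proto} -s {src} -d {dst} --dport {dport} "
                f"-m conntrack --ctstate NEW -j ACCEPT  # seen {hits}x"
            )
    return rules


# Constructed sample capture: two SSH clients, the server's SYN/ACK, a mid-stream
# ACK to port 80 (flow older than the capture), one DNS query and an ARP frame.
SAMPLE_FRAMES = [
    build_frame("192.168.1.10", "192.168.1.50", PROTO_TCP, 40001, 22, TCP_SYN),
    build_frame("192.168.1.50", "192.168.1.10", PROTO_TCP, 22, 40001, TCP_SYN | TCP_ACK),
    build_frame("192.168.1.11", "192.168.1.50", PROTO_TCP, 40002, 22, TCP_SYN),
    build_frame("192.168.1.10", "192.168.1.50", PROTO_TCP, 40003, 80, TCP_ACK),
    build_frame("192.168.1.10", "192.168.1.53", PROTO_UDP, 5353, 53),
    bytes(12) + struct.pack("!H", 0x0806) + bytes(28),
]

if __name__ == "__main__":
    for rule in to_iptables(learn_flows(SAMPLE_FRAMES)):
        print(rule)
```

The generated list is a starting point for review, not a finished policy: it only reflects what happened during the capture window (a monthly backup job or a rarely used management port will be missing), it says nothing about return traffic (pair it with an ESTABLISHED,RELATED accept), and a single-hit entry may be a scan rather than a legitimate service. Long-lived flows that never send a SYN during the capture show up as the ignored mid-stream ACKs, so a capture window shorter than the longest connection lifetime will under-learn.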

