Replace Switch with Firewall - Is there some auto-learning tool for firewall requirements?

Haas, Gisbert ghaas at ibahn.com
Thu Nov 15 08:44:35 UTC 2007


I would simply use NTOP or Ethereal to get an idea what's going on. With
Ethereal you can put filters so you do not capture all traffic.

-----Original Message-----
From: ubuntu-server-bounces at lists.ubuntu.com
[mailto:ubuntu-server-bounces at lists.ubuntu.com] On Behalf Of
ml at bortal.de
Sent: Thursday, November 15, 2007 9:42 AM
To: ubuntu-server at lists.ubuntu.com
Subject: Replace Switch with Firewall - Is there some auto-learning tool
for firewall requirements?

Hello List,

right now we have a "flat" network (one subnet):
192.168.0.1-100 and 192.168.0.101-254

Those two network segments are connected by a bridged Linux box. Not 
filtering at this point. It's just a switch really.

Now we would like to keep the "flat" network for some good reasons and 
replace the Linux bridge with a bridged firewall (physdev match).

Since I don't want to break the network with its functionality I thought 
of capturing the current traffic for some time and checking out the IPs, 
ports, etc. which are being used.
Like the learning mode grsecurity has.  (I actually find this a very 
cool idea! ;-) )

Based on the captured information I would like to create my firewall 
rules with firewallbuilder.
I know I have to check out the captured rules well to make sure I don't 
implement a hole in my firewall setup!

Is there a way or project to capture my firewall requirements? I guess I
basically need all SYN flags and their DEST ports?
How can I get them easily out of the massive traffic each day? Do you 
need more infos?

Any ideas are welcome!

Thanks, Mario


-- 
ubuntu-server mailing list
ubuntu-server at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
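The "capture SYNs and their destination ports" idea from the quoted mail, worked through as an added example that is not part of the thread or of any tool it mentions: the script parses text packet dumps in `tcpdump -nn -tt` line format (an assumption; NTOP/Ethereal would need a different parser), keeps only the pure SYN packets, discards anything that stays within one of the two segments (that traffic never crosses the bridge), aggregates by direction and destination port, and prints candidate `iptables` FORWARD rules using the physdev match. The segment-to-interface mapping (`eth0`/`eth1`), the capture lines and the host addresses are constructed for the example; the rules are review material for firewallbuilder, not something to apply unread.

```python
import re
from collections import defaultdict

# Constructed sample in the text format of `tcpdump -nn -tt` output (an assumed
# capture tool; any tool that can dump packets as text works with a matching
# regex). Hosts come from the two segments described in the mail.
SAMPLE_CAPTURE = """\
1195116120.001 IP 192.168.0.23.51234 > 192.168.0.150.22: Flags [S], seq 1, win 5840, length 0
1195116120.002 IP 192.168.0.150.22 > 192.168.0.23.51234: Flags [S.], seq 2, ack 2, win 5792, length 0
1195116121.100 IP 192.168.0.45.40001 > 192.168.0.200.80: Flags [S], seq 3, win 5840, length 0
1195116122.500 IP 192.168.0.45.40002 > 192.168.0.200.80: Flags [S], seq 4, win 5840, length 0
1195116123.000 IP 192.168.0.200.45000 > 192.168.0.10.3306: Flags [S], seq 5, win 5840, length 0
1195116124.000 IP 192.168.0.23.51235 > 192.168.0.150.22: Flags [P.], seq 1:10, ack 1, win 5840, length 9
1195116125.000 IP 192.168.0.77.55555 > 192.168.0.78.631: Flags [S], seq 6, win 5840, length 0
"""

LINE_RE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

# Assumed bridge ports: segment A (.1-.100) on eth0, segment B (.101-.254) on eth1.
SEGMENT_IFACE = {"A": "eth0", "B": "eth1"}


def segment_of(ip):
    """Map a 192.168.0.0/24 host to segment A (.1-.100) or B (.101-.254), else None."""
    octets = ip.split(".")
    if octets[:3] != ["192", "168", "0"]:
        return None
    last = int(octets[3])
    if 1 <= last <= 100:
        return "A"
    if 101 <= last <= 254:
        return "B"
    return None


def parse_syn_flows(text):
    """Return (src_ip, dst_ip, dst_port) for every pure SYN (flags exactly 'S').
    SYN-ACKs ('S.') and data packets are skipped: the initiating SYN is what
    tells us which client opens a connection to which service."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(5) != "S":
            continue
        src, dst, dport = m.group(1), m.group(3), int(m.group(4))
        flows.append((src, dst, dport))
    return flows


def summarize_crossing(flows):
    """Aggregate SYNs that cross the bridge into
    {(src_segment, dst_segment, dport): {'count': n, 'clients': set(src_ips)}}.
    Same-segment traffic is dropped: it never passes the bridged firewall."""
    summary = defaultdict(lambda: {"count": 0, "clients": set()})
    for src, dst, dport in flows:
        s, d = segment_of(src), segment_of(dst)
        if s is None or d is None or s == d:
            continue
        entry = summary[(s, d, dport)]
        entry["count"] += 1
        entry["clients"].add(src)
    return dict(summary)


def candidate_rules(summary):
    """One physdev FORWARD rule per (direction, destination port), for review."""
    rules = []
    for s, d, dport in sorted(summary):
        rules.append(
            f"iptables -A FORWARD -m physdev --physdev-in {SEGMENT_IFACE[s]} "
            f"--physdev-out {SEGMENT_IFACE[d]} -p tcp --syn --dport {dport} -j ACCEPT"
        )
    return rules


if __name__ == "__main__":
    summary = summarize_crossing(parse_syn_flows(SAMPLE_CAPTURE))
    for key, entry in sorted(summary.items()):
        print(key, entry["count"], sorted(entry["clients"]))
    print("\n".join(candidate_rules(summary)))
```

On the constructed sample this yields three rules (SSH and HTTP from A to B, MySQL from B to A) and reports how many distinct clients drove each one, which is the number to eyeball before accepting a rule. Two caveats a reviewer of the generated list should keep in mind: the SYN-only view says nothing about UDP and ICMP (DNS, NTP, ping), so those need a separate pass over the same capture, and the rules only accept the opening direction, so a stateful `-m state --state ESTABLISHED,RELATED -j ACCEPT` rule is still required for the return traffic.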
