[TriLUG] OT: Firewalling a Solaris 9 box

Matthew Lavigne lavigne at thosebastards.net
Fri Mar 23 23:04:56 EDT 2007


Ben,

So back to ipfilter?  I am looking for a way to make this the most reliable
but I understand that spoofing can exploit quite a bit.  The primary problem
is that there are not a lot of options to lock this box down due to
limitations in the software on the Solaris system. So looking for
suggestions of the best way to go.

Matthew

On 3/23/07, Ben Pitzer <bpitzer at gmail.com> wrote:
>
> Wrappers like this are fairly easy to exploit via scripting with spoofed
> source IPs, and I would not be willing to bet my server on hosts.allow and
> hosts.deny.
>
> -Ben Pitzer
>
>
> On 3/23/07, Engle, Victor <Victor.Engle at netapp.com> wrote:
> >
> >
> > What kind of connections will be made to the solaris9 box? tcpd with
> > host.allow and host.deny might work for you.
> >
> > -----Original Message-----
> > From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On
> > Behalf Of Matthew Lavigne
> > Sent: Friday, March 23, 2007 11:00 AM
> > To: Triangle Linux Users Group discussion list
> > Subject: [TriLUG] OT: Firewalling a Solaris 9 box
> >
> > Ok folks, I know that some of you are *nix gurus, I am looking for a way
> > to firewall a Solaris9 system (sparc).  I need something that is similar
> > to iptables, because the Solaris box is not a router and I don't want it
> > in stealth mode (so I think that SunScreen is out).  What I need to be
> > able to do for all practical purposes it so maintain positive control of
> > the system that connect to this box and only have select systems
> > connect.
> >
> > Ideas and suggestions OTHER then loading linux would be appreciated as
> > this system has to run Solaris9.
> >
> >
> > Matthew Lavigne
> > --
> > TriLUG mailing list        :
> > http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ  : http://trilug.org/faq/ TriLUG Member
> > Services FAQ : http://members.trilug.org/services_faq/
> > --
> > TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> >
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>



More information about the TriLUG mailing list