ExFilter Firewall Software README File
# @(#) README.demo 1.2@(#) 95/05/22 # Modified
(c) ExNet Systems Ltd 1995, 1996.
1) Please note that this software is supplied to you ``as is'' and without
warranty of any kind. You may only use it for demo or evaluation purposes,
and for a maximum of one month, and must delete it and accompanying
documentation after that time. You may seek explicit permission from us to
use it for longer. We may grant this if you are an educational
establishment or a private individual, or a bulletin board, distributor or
other responsible redistributor. Please email us at info@exnet.com and ask
us, supplying us with your email address and real name and a brief reason
for wanting to retain this demo software rather than buy the real thing.
Under no circumstances may you disassemble or reverse-engineer this or the
normal ExFilter executables. We advise you to get the demo kit directly
from our site ftp.exnet.com to minimise any possibility of the software
being tampered with before you get it.
2) Please note in particular that we cannot accept any liability for direct or
consequential or any other losses from use of this software, especially due
to hacking.
3) A brief setup guide:
a) Configure your firewall host with the minimum of services running
(often none from inetd, for example) and a minimal kernel with *ROUTING
TURNED OFF IN THE KERNEL*, eg build your kernel with:
        options "IPFORWARDING=-1"
in the config file, and remove any unneeded options such as server- and
client- side NFS.
Turn off NIS (or YP, as it was).
You should obtain and apply the latest version of Sun's jumbo STREAMS
patch 100359 applicable to your SunOS version.
b) Unpack the tar archive the software arrived in.
c) Pick the appropriate executable for your host's architecture, and copy
it somewhere suitable, eg /usr/etc.
The ExFilter.c.* executables provided are very cut-down versions really
only suitable for evaluation. Only a maximum of two interfaces (eg le0
and dp2) are supported, and a maximum of thirteen `route' routing
rules. In addition, the use of the HUP signal for reloading the
ExFilter configuration is disabled. Otherwise, the executables are
fully functional.
d) Copy the tinyeg.conf to /etc/ExFilter.conf. Modify the network
addresses in it to suit your network, including providing a sensible
address for the `gateway' record.
Provide a `verbosity' record with a value of about 5 or above for
initial debugging and setup, and consider switching on the `trace'
gateway parameter initially, eg:
        gateway trace
Double check everything you have done above.
e) Insert startup code for ExFilter into rc.local to run after all your IP
interfaces have been brought up, something like this:
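        # Start the packet filter once all IP interfaces are up.
        EXFILTER=/usr/etc/ExFilter.O.sun4-SunOS-4
        if [ -f "$EXFILTER" ]; then
                echo 'Starting Exfilter.'
                # Run in the background, with output sent to the console.
                ("$EXFILTER" &) > /dev/console
        fi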
f) Think again about your configuration! It may be all that stands
between you and the wily hackers!
g) Start up ExFilter by hand in the foreground and watch the output from
syslog. You can kill ExFilter with your INT character, usually ^C.
h) Try rebooting the machine to check everything starts correctly in that
case and that no packets are being let through that shouldn't be (eg
nothing turns kernel routing on).
i) When you are happy everything is working you may consider turning down
verbosity to about 3 (so you can still see throttling going on and
off), and almost certainly turn trace mode off if you haven't already.
j) Keep an eye on network and gateway behaviour for anything unexpected.
Don't entirely automate this, since the first thing a wily hacker
should do is subvert any such mechanism.
4) Buy the software!
Contact info@exnet.com, tel +44 181 296 5577, fax +44 181 296 5578.
Enjoy!
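
A pre-flight check for step 3a, added here as an example and not part of the ExFilter kit: it reads a kernel config file and an inetd.conf and prints one FAIL line for each thing that contradicts the hardening steps. The function names, the NFSCLIENT/NFSSERVER option names and every file content below are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the ExFilter kit. Checks a kernel config file and
# an inetd.conf against step 3a and prints one FAIL line per finding.
# NFSCLIENT/NFSSERVER are assumed option names; all file contents are constructed.
preflight() {    # $1 = kernel config file, $2 = inetd.conf
    awk '
        { sub(/#.*/, "") }                      # strip comments
        $1 != "options" { next }
        $2 == "\"IPFORWARDING=-1\"" { fwd_off = 1 }
        $2 ~ /^NFS(CLIENT|SERVER)$/ { print "FAIL: kernel option " $2 " still built in" }
        END { if (!fwd_off) print "FAIL: options \"IPFORWARDING=-1\" not set" }
    ' "$1"
    awk '
        { sub(/#.*/, "") }                      # commented-out services are off
        NF { print "FAIL: inetd service " $1 "/" $3 " still enabled" }
    ' "$2"
}

write_samples() {    # $1 = directory to receive the constructed sample files
    cat > "$1/GENERIC" <<'EOF'
machine "sun4c"
options INET
options NFSCLIENT   # client-side NFS
options NFSSERVER
EOF
    cat > "$1/FIREWALL" <<'EOF'
machine "sun4c"
options INET
options "IPFORWARDING=-1"
#options NFSCLIENT
EOF
    cat > "$1/inetd.conf" <<'EOF'
ftp     stream tcp nowait root /usr/etc/in.ftpd    in.ftpd
#telnet stream tcp nowait root /usr/etc/in.telnetd in.telnetd
EOF
    cat > "$1/inetd.conf.min" <<'EOF'
#ftp    stream tcp nowait root /usr/etc/in.ftpd    in.ftpd
EOF
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
write_samples "$demo"
echo "== stock host =="; preflight "$demo/GENERIC" "$demo/inetd.conf"
echo "== hardened ==";   preflight "$demo/FIREWALL" "$demo/inetd.conf.min"
```

On a real host the two arguments would be the config file the running kernel was built from and /etc/inetd.conf; an empty result only covers the settings checked here, so step h still applies.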
General queries to info@exnet.com,
system queries to sysadmin@exnet.com.
Copyright ESL 1995.