User's Guide

sf Firewall Software--a TCP/IP packet filter for Linux

Table Of Contents

  1. Welcome!
    1. Will this software work for you?
    2. Other sources
    3. Source code availability
    4. Features
    5. Bugs!?
    6. How to contact us
    7. Copyright
    8. Bibliography
      1. Essential
      2. Recommended
  2. Installation
  3. Firewall Configuration
    1. IP Addresses
    2. The Setup Section
    3. The Configuration Section
    4. The Notification Section
    5. Writing Filter Rules
      1. Block or Reject Packets?
      2. Filtering TCP Circuits
        1. FTP
        2. Sequence numbers
      3. Inbound and Outbound Packets
      4. Address Spoofing
      5. Fragmented IP Packets
    6. Syntax of the Configuration File
  4. Examples
  5. Starting and Controlling the Firewall
    1. Starting the Firewall
    2. Stopping the Firewall
    3. Reconfiguring the Firewall
    4. Checking a Configuration File
    5. Displaying the Current Configuration
    6. TCP connections
      1. Killing TCP connections
      2. Killing idle TCP connections
  6. Counter Intelligence
    1. Actions of the spy Process
    2. Output
      1. Example Output
  7. Log Output
    1. Output Destination
    2. Abbreviations
  8. Concepts
    1. Firewall-to-Firewall Protocol
      1. Firewall classes - Friends
      2. Firewall classes - Trusted
    2. ENskip support
      1. SKIP Certificate Discovery Protocol
      2. ENskip firewalling
  9. Limits
    1. Present Situation
    2. Protection by the sf Firewall System
    3. Remaining Loopholes

Copyright © 1996-1997 Robert Muchsel and Roland Schmid.