Greetings,

I am trying to set up a development Linux Slackware system to develop an
extension to IPFILTER to 'filter' on RPC calls/responses, over UDP/TCP.

Currently the extension is the 'rpc' keyword, so:

# UDP
pass in quick proto udp all rpc = portmapper keep state
pass in quick proto udp all rpc 390100:390120 keep state

This checks that the PROGRAM is either portmapper or in the LEGATO (EMC
NetWorker, backup software, aka SUN EBS) range.

Basically this differs from the "PROXY" approach because instead of
checking for portmapper calls and creating states for these connections,
I simply look at the RPC call packet and when I see a RPC call I can mark
the XID and 'expect' a response (RPC response) and allow it.

So basically the firewall can 'close' everything and allow packets that
are RPC calls and responses for given ranges (such as portmapper and Legato).

The code that I've sent (experimental) also includes a first attempt for
TCP, but for TCP I'm not yet very satisfied.

The changes are fairly simple and are marked with #ifdef STES in the
ipfilter source code.

I know there are also people working on RPC proxy etc., so any feedback
on the RPC call/response idea (maybe it is just not possible/correct to do
it like this) is most welcome.

Regards,
David Stes
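The call/response matching the message describes, written out as a small user-space model. This is an added illustration, not the IPFILTER patch the poster refers to (none of its `#ifdef STES` code appears here): it parses the fixed part of an ONC RPC header (RFC 5531: XID, message type, RPC version, program number) from a UDP payload, passes a CALL only if the program falls in a configured range (portmapper, 100000, and the 390100:390120 range from the ruleset above), records the XID together with the client and server endpoints, and passes a REPLY only if it carries an XID that is outstanding for that client/server pair in the reverse direction. The endpoint identifiers, the fixed-size pending table and the `rpc_build_*` helpers that construct sample packets are assumptions made for the example, not anything from the original post.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RPC_CALL     0
#define RPC_REPLY    1
#define RPC_VERSION  2
#define MAX_PENDING  64          /* assumed table size for this model */

/* A permitted program-number range, e.g. {100000,100000} for portmapper. */
struct prog_range { uint32_t lo, hi; };

/* One outstanding CALL for which exactly one REPLY is expected. */
struct pending {
    int used;
    uint32_t client, server;     /* constructed endpoint ids (stand-ins for ip:port) */
    uint32_t xid;
};

struct rpc_filter {
    const struct prog_range *ranges;
    size_t nranges;
    struct pending table[MAX_PENDING];
};

static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

void rpc_filter_init(struct rpc_filter *f, const struct prog_range *r, size_t n) {
    f->ranges = r;
    f->nranges = n;
    memset(f->table, 0, sizeof f->table);
}

static int prog_allowed(const struct rpc_filter *f, uint32_t prog) {
    for (size_t i = 0; i < f->nranges; i++)
        if (prog >= f->ranges[i].lo && prog <= f->ranges[i].hi) return 1;
    return 0;
}

/* Decide for one UDP payload travelling src -> dst. Returns 1 = pass, 0 = block.
 * Everything that is not a well-formed CALL to a permitted program, or a REPLY
 * matching an outstanding CALL in the reverse direction, is blocked. */
int rpc_filter_packet(struct rpc_filter *f, uint32_t src, uint32_t dst,
                      const uint8_t *pkt, size_t len) {
    if (len < 8) return 0;                       /* need xid + msg_type */
    uint32_t xid = get_be32(pkt), mtype = get_be32(pkt + 4);

    if (mtype == RPC_CALL) {
        if (len < 24) return 0;                  /* rpcvers, prog, vers, proc */
        if (get_be32(pkt + 8) != RPC_VERSION) return 0;
        if (!prog_allowed(f, get_be32(pkt + 12))) return 0;
        for (size_t i = 0; i < MAX_PENDING; i++) {
            if (!f->table[i].used) {
                f->table[i].used = 1;
                f->table[i].client = src;
                f->table[i].server = dst;
                f->table[i].xid = xid;
                return 1;
            }
        }
        return 0;                                /* table full: fail closed */
    }
    if (mtype == RPC_REPLY) {
        for (size_t i = 0; i < MAX_PENDING; i++) {
            struct pending *p = &f->table[i];
            if (p->used && p->xid == xid && p->client == dst && p->server == src) {
                p->used = 0;                     /* one reply per call; a repeat is blocked */
                return 1;
            }
        }
        return 0;
    }
    return 0;
}

/* Constructed sample: minimal CALL with AUTH_NULL credential and verifier. */
size_t rpc_build_call(uint8_t *buf, uint32_t xid, uint32_t prog, uint32_t vers, uint32_t proc) {
    uint32_t w[10] = { xid, RPC_CALL, RPC_VERSION, prog, vers, proc, 0, 0, 0, 0 };
    for (int i = 0; i < 10; i++) put_be32(buf + 4 * i, w[i]);
    return 40;
}

/* Constructed sample: minimal REPLY (MSG_ACCEPTED, AUTH_NULL verifier, SUCCESS). */
size_t rpc_build_reply(uint8_t *buf, uint32_t xid) {
    uint32_t w[6] = { xid, RPC_REPLY, 0, 0, 0, 0 };
    for (int i = 0; i < 6; i++) put_be32(buf + 4 * i, w[i]);
    return 24;
}

int main(void) {
    static const struct prog_range ranges[] = { {100000, 100000}, {390100, 390120} };
    struct rpc_filter f;
    uint8_t b[64];
    rpc_filter_init(&f, ranges, 2);
    size_t n = rpc_build_call(b, 0x1234, 100000, 2, 3);      /* client 1 -> portmapper on host 2 */
    printf("portmapper call: %s\n", rpc_filter_packet(&f, 1, 2, b, n) ? "pass" : "block");
    n = rpc_build_reply(b, 0x1234);
    printf("matching reply:  %s\n", rpc_filter_packet(&f, 2, 1, b, n) ? "pass" : "block");
    printf("repeated reply:  %s\n", rpc_filter_packet(&f, 2, 1, b, n) ? "pass" : "block");
    return 0;
}
```

The REPLY branch is where the value of this approach over a plain port-based rule shows: a reply is only let through once, only towards the client that made the call, and only for an XID the filter actually saw go out, so an unsolicited packet that merely looks like an RPC reply is blocked. The model keeps no timeouts, so in a real filter the pending entries would also need to expire.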