Creating a firewall for use with Jail(8)

Jails are great, but it's not a great idea for jail users to firewall their virtual interface. Best practices involve firewalling upstream, but this generally means someone has to maintain the firewall rules. We present an automated system that allows Jailed accounts to modify an upstream firewall using a combination of Guardian (http://www.chaotic.org/guardian/) and Snort. The benefit of this system is that Jailed users can now directly control their own firewall rules without administrator assistance.

The system consists of a script that the Jailed user can execute, which sends a packet through the upstream firewall. This packet contains a digitally signed set of instructions for modifying the firewall rules. The packet triggers a signature match in Snort; Guardian captures the resulting alert and adjusts the firewall rules accordingly.
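
The check the upstream side needs before it acts on such a packet, as an added example that is not code from the talk, Guardian or Snort. Assumptions: HMAC-SHA256 with a per-jail key stands in for the digital signature, and the JSON payload layout, the `JAILS` registry, the counter field and all function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import json

# Constructed registry (assumption): key id -> (per-jail secret, the jail's own address).
JAILS = {"jail-web": (b"constructed-demo-key", ipaddress.ip_address("192.0.2.10"))}
ALLOWED_ACTIONS = ("allow", "block")
_seen_counters = {}  # key id -> highest counter accepted so far (replay guard)

def sign_request(key_id, secret, counter, action, proto, port):
    """Jail side: serialize the instruction and append an HMAC-SHA256 tag."""
    body = json.dumps({"jail": key_id, "ctr": counter, "action": action,
                       "proto": proto, "port": port}, sort_keys=True).encode()
    tag = hmac.new(secret, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag

def verify_request(payload):
    """Firewall side: return a rule dict if the payload is authentic, else None."""
    body, sep, tag = payload.rpartition(b"|")
    if not sep:
        return None
    try:
        req = json.loads(body)
        key_id = req["jail"]
        secret, jail_ip = JAILS[key_id]
    except (ValueError, KeyError, TypeError):
        return None  # malformed payload or unknown jail
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None  # tag does not match: forged or modified in transit
    ctr, action = req.get("ctr"), req.get("action")
    proto, port = req.get("proto"), req.get("port")
    if action not in ALLOWED_ACTIONS or proto not in ("tcp", "udp"):
        return None
    if type(port) is not int or not 1 <= port <= 65535:
        return None
    if type(ctr) is not int or ctr <= _seen_counters.get(key_id, -1):
        return None  # replayed or out-of-order packet
    _seen_counters[key_id] = ctr
    # The destination comes from the registry, never from the packet,
    # so a jail can only change rules for its own address.
    return {"action": action, "proto": proto, "dst": str(jail_ip), "port": port}
```

The returned dict is what a rule-writing step would consume; a captured packet that is replayed, altered, or signed with the wrong key yields `None` and changes nothing.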

speaker: Wes Sonnenreich

location not assigned

Copyright © 2003-2011 BSDCan. All rights reserved.