Re: Sunscreen 3.2 on Sol9 kills TOS/Codepoint fields
- --- In firstname.lastname@example.org, "davidwkerr" <dpkerr@k...> wrote:
> Hi,I like that firewall/NAT's that "behave properly. I'm not sure
> From what I can see on a Solaris 9 Router, Sunscreen zeroes the DS
> Codepoint byte on ALL TCP headers! Does anyone know if Sunscreen can
> be "told" not to do this?
> Failing that, does anyone know if IPFilter with NAT behaves just as
> badly or does it leave the headers alone?
> I suspect that it is Dynamic NAT in Sunscreen which does the damage.
> Any other information would be welcomed.
> I suspect Sun would not change Sunscreen to behave properly if it is
> going to be end-of-lifed, hence I hope IPFilter behaves.
if it can be done with SunScreen and your right it will not
be a candidate for update. Now there is funny guy named
Darren Reed who usally hangs out on the mailing.unix.ipfilter
list. Darren made reference to an announcement for version 4 of
IPfilter on Solaris. You might want to bring up this specific
question on that list. He might have a comment if it's
By the way it might make a good discussion on how IPfilter's NAT
fits into Solaris 10 fast sockets, N1 adn zones with the
up and coming talk to the experts that was recently announced a few
messages back. Much to think about.