[X-Unix] "egress filter" on OSX?

[Alan Harper]

I've never heard of this, but its quite common for firewalls to specifically block IP ranges which are wrong for that interface. Some sort of ipfw script which only permitted packets on your internal subnet to come via the appropriate interface would have a desireable secure affect. Hope this sets you in the right direction
On Wed, Jan 21, 2004 at 01:24:33PM -0700, James Burton wrote:
> A week ago, I installed SNORT on the iMac I use as a server, and the 
> past two days I've been getting alerts of suspicious traffic 
> ""BAD-TRAFFIC loopback traffic"
> 
> A file referenced in the alert explains that this happens when someone 
> spoofs an internal IP and uses it to snoop for exploitable ports.
> 
> The file also says that to combat this, one should employ an "egress 
> filter." Does anyone know how to set this up on OSX? One would think 
> that this would be built-in since it seems to be a common avenue of 
> attack.
> 
> Jim
> 
> 
> ----------
> Check out the Mac OS X email list FAQ
> http://www.themacintoshguy.com/lists/X.html
> 
> To unsubscribe, E-mail to: <X-Unix-off at lists.themacintoshguy.com>
> To switch to the DIGEST mode, E-mail to 
> <X-Unix-digest at lists.themacintoshguy.com>
> Need help from a real person? Try.  
> <X-Unix-request at lists.themacintoshguy.com>
> 
> ----------
> $14.99 Unlimited Nationwide Mac Dialup and Mac Web Hosting from your Mac 
> ISP Serious Mac Internet Solutions From NineWire!   
> http://macinternetaccess.com
> 
> DVIator   | Run Dual ADC displays on your G4 or just one on an older Mac! 
> Dr. Bott  | <http://www.drbott.com/prod/DVIator.html>
> 
>   Support   | Support this list by clicking here before you buy!
>  this List  |  http://www.themacintoshguy.com/support.html
> 
> OS X News, Dr.Mac, Forums, Tutorials, Tips, Hints, FAQ?s - 
> http://www.osxfaq.com

-- 
Alan Harper			E: alan at aussiegeek.net
Linux / Mac Geek		W: www.aussiegeek.net
Mac OS X: Because making Unix user friendly was easier than fixing windows