Gatekeeper was written a few years ago to stop some noxious hacker from getting into a network I was administering. It’s a really simple firewall (though it’s getting a little bit more complicated over time) that allows the attacker to do the three-way handshake before stepping in and kicking them off the line. The Webshield kernel, meanwhile, is not accessible from the outside world, which forces the attacker to fall back on keyhole or denial-of-service attacks instead of the traditional rootkitting of the firewall and subsequent running rampant over the entire network.
A second approach to making your machines unrootable is to run something like Mastodon Linux, which doesn’t have any rootkits written for it yet. But the gatekeeper + kernel approach wins pretty largely on security via invisibility, as long as you don’t leave any wide open holes into your local network.
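The "let them finish the handshake, then kick them off" behaviour described above, modelled as a small connection tracker. This is an added example written for this page, not the Gatekeeper program itself; the packet fields, the decision names and the choice to send the reset on the first packet after the handshake are assumptions of the example.

```python
from dataclasses import dataclass, field
SYN, ACK, PSH = 0x02, 0x10, 0x08  # TCP flag bits used below

@dataclass(frozen=True)
class Packet:
    peer: str      # address on the outside world
    port: int      # port on the protected host
    flags: int     # TCP flags, combined from the constants above
    inbound: bool  # True when the packet arrives from the outside

@dataclass
class Gatekeeper:
    served_ports: frozenset                     # ports with a real service behind them
    stage: dict = field(default_factory=dict)   # (peer, port) -> handshake progress 1..3
    kicked: list = field(default_factory=list)  # connections that were reset
    def handle(self, pkt: Packet) -> str:
        """Decide one packet: 'pass', 'rst' (reset sent to the peer) or 'drop'."""
        if pkt.port in self.served_ports:
            return "pass"                    # real services are not touched
        key = (pkt.peer, pkt.port)
        stage = self.stage.get(key, 0)
        syn, ack = bool(pkt.flags & SYN), bool(pkt.flags & ACK)
        if stage == 0 and pkt.inbound and syn and not ack:
            self.stage[key] = 1              # SYN from outside: let it through
            return "pass"
        if stage == 1 and not pkt.inbound and syn and ack:
            self.stage[key] = 2              # SYN-ACK back out: the port looks open
            return "pass"
        if stage == 2 and pkt.inbound and ack and not syn:
            self.stage[key] = 3              # handshake complete
            return "pass"
        if stage == 3 and pkt.inbound:
            del self.stage[key]              # first packet after the handshake: kick them off
            self.kicked.append(key)
            return "rst"
        return "drop"                        # anything out of sequence is dropped silently

def simulate(flow, served_ports=frozenset({25, 80})):
    """Run a packet sequence through a fresh Gatekeeper; return (actions, kicked)."""
    gk = Gatekeeper(served_ports)
    return [gk.handle(p) for p in flow], list(gk.kicked)

# Constructed sample: a probe of telnet (23, not served), then a real SMTP connection (25).
PROBE = [
    Packet("203.0.113.9", 23, SYN, True),
    Packet("203.0.113.9", 23, SYN | ACK, False),
    Packet("203.0.113.9", 23, ACK, True),
    Packet("203.0.113.9", 23, ACK | PSH, True),   # first data after the handshake
    Packet("203.0.113.9", 23, ACK | PSH, True),   # retry after being reset
    Packet("198.51.100.4", 25, SYN, True),
]
```

To the prober the port appears open right up to the reset, while traffic to the served ports is never touched.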
ip_fw structure, plus I’ve added support for hard firewalls (kernel ip filtering) and have added an ipfw program that is almost enough to replace the old ipfwadm program. This should be version 2.0, except for the teeny detail that I’ve not yet properly tested it, I want to put in the rest of the ipfwadm functionality, and I really need to document the thing.