Date: Tue, 9 May 2000 23:40:01 -0700 (PDT)
From: Charles Mott <cmott@scientech.com>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/18354: NATD diverts DMZ packets to firewall host
Message-ID: <200005100640.XAA06152@freefall.freebsd.org>

The following reply was made to PR bin/18354; it has been noted by GNATS.

From: Charles Mott <cmott@scientech.com>
To: Brian Somers <brian@Awfulhak.org>
Cc: goran.lowkrantz@infologigruppen.se, freebsd-gnats-submit@FreeBSD.org, Ruslan Ermilov <ru@FreeBSD.org>, Eivind Eklund <perhaps@yes.no>, Ari Suutari <ari@suutari.iki.fi>
Subject: Re: bin/18354: NATD diverts DMZ packets to firewall host
Date: Wed, 10 May 2000 00:38:36 -0600 (MDT)

> We decided to ask about the original intentions and decide what to do
> based on the outcome, but haven't received a reply from Charles (cc'd
> as a gentle poke) yet.

The original intention was that libalias would be cognizant of certain protocols (tcp, udp, icmp to start out with) and not alter or drop any other protocols. My opinion at the time was that ipfw rules should deal with other protocols.

However, it appears that libalias is being generalized to handle arbitrary protocols, and my original thinking may no longer be appropriate.

My suggestion is that incoming packets for arbitrary protocols (and not associated with any static redirect rules or dynamic associations) be dropped if the PKT_ALIAS_DENY_INCOMING bit is set.

Charles Mott