From owner-freebsd-security  Tue Jul 25 14:53: 2 2000
Delivered-To: freebsd-security@freebsd.org
Received: from snafu.adept.org (adsl-63-201-63-44.dsl.snfc21.pacbell.net [63.201.63.44])
	by hub.freebsd.org (Postfix) with ESMTP id 347D037B791
	for <freebsd-security@FreeBSD.ORG>; Tue, 25 Jul 2000 14:53:00 -0700 (PDT)
	(envelope-from mike@adept.org)
Received: by snafu.adept.org (Postfix, from userid 1000)
	id BC1FE9EE01; Tue, 25 Jul 2000 14:52:35 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by snafu.adept.org (Postfix) with ESMTP
	id B463B9B001; Tue, 25 Jul 2000 14:52:35 -0700 (PDT)
Date: Tue, 25 Jul 2000 14:52:35 -0700 (PDT)
From: Mike Hoskins <mike@adept.org>
To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc: Stephen Montgomery-Smith <stephen@math.missouri.edu>,
	freebsd-security@FreeBSD.ORG
Subject: Re: Problems with natd and simple firewall
In-Reply-To: <200007252128.OAA52048@gndrsh.dnsmgr.net>
Message-ID: <Pine.BSF.4.21.0007251450400.27924-100000@snafu.adept.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 25 Jul 2000, Rodney W. Grimes wrote:

> a)  The non-problem it attempts to solve can be handled by a correct
>     ipfw rule set.

Agreed.

> c)  It also totally ignores the fact that the problematic IP addresses
>     are much more than RFC1918 and include the following:
> 	0.0.0.0/8, 127.0.0.0/8, 192.0.2.0/24, 169.254.0.0/16, 240.0.0.0/4
>     that need to be dealt with properly and carefully at both interfaces
>     in a firewall.

Point taken, and agreed.

-mrh



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message