Date:      Mon, 4 Feb 2002 17:38:25 -0800
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        Matthew Whelan <muttley@gotadsl.co.uk>
Cc:        "Jacques A. Vidrine" <n@nectar.cc>, Ruslan Ermilov <ru@FreeBSD.ORG>, Mike Tancsa <mike@sentex.net>, stable@FreeBSD.ORG, Warner Losh <imp@FreeBSD.ORG>
Subject:   Re: dropping 127.* on the floor
Message-ID:  <20020204173825.H3722@gohan.cjclark.org>
In-Reply-To: <KZWJE3VPJ5651WYXA7E0IH3ZLFOLI.3c5f1fce@VicNBob>; from muttley@gotadsl.co.uk on Mon, Feb 04, 2002 at 11:57:02PM -0000
References:  <5.1.0.14.0.20020204092437.050e66e0@marble.sentex.ca> <KZWJE3VPJ5651WYXA7E0IH3ZLFOLI.3c5f1fce@VicNBob>

On Mon, Feb 04, 2002 at 11:57:02PM -0000, Matthew Whelan wrote:
> 04/02/2002 14:29:08, Mike Tancsa <mike@sentex.net> wrote:
> 
> >What if this were dealt with as part of firewall rules?  i.e. GENERIC was built 
> >by default with IPFIREWALL and firewall_enable="YES" and 
> >firewall_type="OPEN" were set. That way the behavior that people have come 
> >to rely on is still there for those that need it.
> 
> Well, some way of forcing a strong endpoint model would definitely be nice. 

  net.inet.ip.check_interface=1

> Aren't the problems with trying to do it in ipfw/ipf effectively the same as 
> with ip_output.c though (namely that the destination address has been re-
> written before inspection)?

There is a long discussion of this on cvs-all@ too.

I think the current leaning is to take the hardcoded block out
(the recent change) and instead get the ifconfig(8) of lo0 to actually
route things correctly. As for the old incoming block (almost a year
ago), we may add a sysctl(8) to disable it, but it will still be on by
default.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
