From owner-freebsd-security Thu Jan 25 22: 6:29 2001 Delivered-To: freebsd-security@freebsd.org Received: from elvis.mu.org (elvis.mu.org [207.154.226.10]) by hub.freebsd.org (Postfix) with ESMTP id 726BB37B69C; Thu, 25 Jan 2001 22:06:09 -0800 (PST) Received: by elvis.mu.org (Postfix, from userid 1098) id 0527F2B54D; Fri, 26 Jan 2001 00:05:58 -0600 (CST) Date: Fri, 26 Jan 2001 00:05:58 -0600 From: Bill Fumerola To: Justin Stanford Cc: questions@freebsd.org, security@freebsd.org Subject: Re: ipfw security patch problem.. Message-ID: <20010126000558.I57121@elvis.mu.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from jus@security.za.net on Fri, Jan 26, 2001 at 08:00:04AM +0200 X-Operating-System: FreeBSD 4.2-FEARSOME-20001103 i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Jan 26, 2001 at 08:00:04AM +0200, Justin Stanford wrote: > Hi, > > I upgraded my ipfw yesterday on my 4.0-STABLE system with the patch by > following the instructions to the letter for the security bug discovered > by Aragon Gouveia, and compile and install appeared to go seamlessly. > > However, ipfw now gives me this type of problem: > > [root@athena]~# ipfw add 5000 deny tcp from any to 196.30.167.200 515 via rl0 > 05000 deny tcp from any to 196.30.167.200 515 via rl0 > ip_fw_ctl: empty interface name > ipfw: setsockopt(IP_FW_ADD): Invalid argument > [root@athena]~# You have to compile ipfw(8), compile a new kernel (or reload a new module), and ipfw(8) needs to have /sys/netinet/ip_fw.h copied to /usr/include/netinet unless you used buildworld(this needs to happen before recompiling ipfw). -- Bill Fumerola - security yahoo / Yahoo! inc. - fumerola@yahoo-inc.com / billf@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message