Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 3 Apr 2003 23:53:27 +0200
From:      jeremie le-hen <le-hen_j@epita.fr>
To:        ipfw@freebsd.org
Subject:   Implementing ranges in ipfw2
Message-ID:  <20030403215327.GJ7538@annelo.epita.fr>

next in thread | raw e-mail | index | archive | help
Hi,

I going to implement ranges for IPLEN using the same way as for transport
layer ports (struct _ipfw_insn_u16). But I'm wondering if this kind of test
should be only applied on first/only fragments, since a malicious application
could use small fragment in order to bypass firewall rules.

I'm waiting for your comments.
-- 
Jeremie aka TtZ
le-hen_j@epita.fr



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030403215327.GJ7538>