From owner-freebsd-hackers Sun Mar 14 6:27: 0 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from relay.ucb.crimea.ua (relay.ucb.crimea.ua [212.110.138.1]) by hub.freebsd.org (Postfix) with ESMTP id 2E8A614E0E; Sun, 14 Mar 1999 06:24:45 -0800 (PST) (envelope-from ru@ucb.crimea.ua) Received: (from ru@localhost) by relay.ucb.crimea.ua (8.9.2/8.9.2/UCB) id QAA11607; Sun, 14 Mar 1999 16:24:20 +0200 (EET) (envelope-from ru) Date: Sun, 14 Mar 1999 16:24:19 +0200 From: Ruslan Ermilov To: dg@freebsd.org Cc: hackers@freebsd.org Subject: Re: ipflow and ipfirewall Message-ID: <19990314162419.A10242@relay.ucb.crimea.ua> Mail-Followup-To: dg@freebsd.org, hackers@FreeBSD.ORG References: <19990313200150.A83040@relay.ucb.crimea.ua> <199903131819.TAA29395@rt2.synx.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.3i In-Reply-To: <199903131819.TAA29395@rt2.synx.com>; from Remy Nonnenmacher on Sat, Mar 13, 1999 at 07:11:19PM +0100 X-Operating-System: FreeBSD 3.1-STABLE i386 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, Mar 13, 1999 at 07:11:19PM +0100, Remy Nonnenmacher wrote: > On 13 Mar, Ruslan Ermilov wrote: > > Hi! > > > > I thought about starting to use fast IP forwarding, but... > > > > It seems that such "fast forwardable" packets, when passed from > > ether_input(), for example, just simply bypass all firewall checks. > > > > Am I right? > > > > you are. > It's a big security leak... David, was it supposed by design (that such packets bypass firewall)? -- Ruslan Ermilov Sysadmin and DBA of the ru@ucb.crimea.ua United Commercial Bank +380.652.247.647 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message