From: Darren Reed
Subject: Re: IPFW vs. IP Filter?
To: stesin@elvisti.kiev.ua (Andrew V. Stesin)
Date: Sun, 23 Jun 1996 14:51:07 +1000 (EST)
Cc: freebsd-security@FreeBSD.org

In some mail from Andrew V. Stesin, sie said:
[...]
> 1. Sending TCP RST in reply to unsolicited TCP SYN
>    didn't work. That was solved, thanks Darren,
>    but I'm not 100% sure that this patch is included
>    in 3.0.4 distribution.

Just a minor nit, you can send a TCP RST in reply to any TCP packet
except one containing an RST (feedback loop :-).

> 2. With "in-kernel" version, "log body" doesn't work for
>    me; I discovered the fact too late, when fighting
>    with crashes of our firewall. Disabling all "log body"
>    clauses in filtering rules cured those mysterious crashes,
>    too, firewall is working for weeks just now, as I see.
>    Now when I'm just 90% sure I found the source of trouble,
>    which tortured me for weeks, probably it's time to
>    go check where exactly it lives.

Thanks, I'll have a look too.

Darren
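
The RST rule mentioned in the reply above, as an added example that is not part of the original message and is not IP Filter's code: a filter answering a blocked segment with a reset must skip segments that themselves carry RST, and otherwise picks sequence and acknowledgement numbers as in the RFC 793 reset-generation rules. The struct, the function name and the flag macros are hypothetical names chosen for this sketch.

```c
#include <stdbool.h>
#include <stdint.h>

/* TCP flag bits as they appear in the header (macro names are this example's own). */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Only the fields the reset logic needs, in host byte order (hypothetical struct). */
struct tcp_seg {
    uint32_t seq;
    uint32_t ack;
    uint8_t  flags;
    uint32_t payload_len;
};

/*
 * Fill *rst with the reset to send in reply to the blocked segment *in.
 * Returns false when no reset may be sent: answering an RST with an RST
 * is the feedback loop between two resetting hosts.
 */
bool build_rst_reply(const struct tcp_seg *in, struct tcp_seg *rst)
{
    if (in->flags & TH_RST)
        return false;

    rst->payload_len = 0;
    if (in->flags & TH_ACK) {
        /* The sender stated what it expects next: use that as our sequence. */
        rst->seq = in->ack;
        rst->ack = 0;
        rst->flags = TH_RST;
    } else {
        /* No ACK (for example a bare SYN): seq 0, acknowledge what arrived. */
        uint32_t len = in->payload_len;
        if (in->flags & TH_SYN)
            len++;                      /* SYN occupies one sequence number */
        if (in->flags & TH_FIN)
            len++;                      /* so does FIN */
        rst->seq = 0;
        rst->ack = in->seq + len;       /* unsigned, wraps modulo 2^32 */
        rst->flags = TH_RST | TH_ACK;
    }
    return true;
}
```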