Date: Sun, 23 Jun 1996 14:51:07 +1000 (EST) From: Darren Reed <avalon@coombs.anu.edu.au> To: stesin@elvisti.kiev.ua (Andrew V. Stesin) Cc: freebsd-security@FreeBSD.org Subject: Re: IPFW vs. IP Filter? Message-ID: <199606230452.VAA29599@freefall.freebsd.org> In-Reply-To: <199606222305.CAA15185@office.elvisti.kiev.ua> from "Andrew V. Stesin" at Jun 23, 96 02:05:13 am
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Andrew V. Stesin, sie said: [...] > 1. Sending TCP RST in reply to unsolicited TCP SYN > didn't work. That was solved, thanks Darren, > but I'm not 100% sure that this patch is included > in 3.0.4 distribution. Just a minor nit, you can send a TCP RST in reply to any TCP packet except one containing an RST (feedback loop :-). > 2. With "in-kernel" version, "log body" doesn't work for > me; I discovered the fact too late, when fighting > with crashes of our firewall. Disabling all "log body" > clauses in filtering rules cured that mysterious crashes, > too, firewall is working for weeks just now, as I see. > Now when I'm just 90% sure I found the source of trouble, > which tortured me for weeks, probably it's time to > go check where exactly it lives. Thanks, I'll have a look too. Darren
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606230452.VAA29599>