Date:      Sun, 15 Jul 2012 04:51:39 +1000 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Chris Rees <utisoft@gmail.com>
Cc:        freebsd-ipfw@freebsd.org, freebsd-bugs@freebsd.org
Subject:   Re: kern/165939: [ipw] security bug: incomplete firewall rules loaded if tables are used in ipfw.conf
Message-ID:  <20120715042336.H74353@sola.nimnet.asn.au>
In-Reply-To: <CADLo83-C_6=AMHejePkCLnRfQWKFUwvM7as5vSnJDRMULKH4vw@mail.gmail.com>
References:  <201207141614.q6EGEi7P024139@freefall.freebsd.org> <20120715025005.I74353@sola.nimnet.asn.au> <CADLo83-C_6=AMHejePkCLnRfQWKFUwvM7as5vSnJDRMULKH4vw@mail.gmail.com>

On Sat, 14 Jul 2012 18:59:54 +0100, Chris Rees wrote:
 > On 14 Jul 2012 18:49, "Ian Smith" <smithi@nimnet.asn.au> wrote:
 > >
 > > On Sat, 14 Jul 2012, crees@freebsd.org wrote:
 > >  > http://www.freebsd.org/cgi/query-pr.cgi?pr=165939
[..]
 > > Yes, to such a ruleset you'd need to add 'table all flush' too.
 > >
 > > ipfw flush specifically does not flush tables.  I've long relied upon
 > > that, using mostly static tables only reloaded from a file saved hourly
 > > by cron, when $firewall_script finds tables are not loaded - ie at boot.
 > 
 > Not A Bug then?

Not For Me at least, Chris.  Maybe ipfw(8) isn't specific enough about 
flush?  I can't speak for others, but don't think flushing all tables in 
rc.firewall useful when it's easy to include in your particular ruleset.

cheers, Ian
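
The two table-handling policies discussed in this message, as an added sketch (not code from this thread or from rc.firewall): flushing the table explicitly in the ruleset, versus keeping it across `ipfw flush` and refilling it only when it is empty. `IPFW`, `TABLE`, `TABLE_FILE` and the function names are assumptions; the saved file is assumed to hold lines as printed by `ipfw table N list`.

```sh
#!/bin/sh
# Added example: two ways a ruleset script can treat an ipfw table.
IPFW=${IPFW:-ipfw}                            # assumed override hook for dry runs
TABLE=${TABLE:-1}                             # assumed table number
TABLE_FILE=${TABLE_FILE:-/var/db/ipfw.table}  # hypothetical saved-table path

# Add every "addr[/mask] [value]" line of $TABLE_FILE to the table.
load_table_file() {
    while read -r addr value; do
        case $addr in ''|'#'*) continue ;; esac   # skip blanks and comments
        # $value is left unquoted so a missing value adds no empty argument
        $IPFW -q table "$TABLE" add "$addr" $value || return 1
    done < "$TABLE_FILE"
}

# Policy A: the ruleset owns the table. "ipfw flush" removes rules only,
# so empty the table explicitly, then load exactly what the file lists.
reload_table_strict() {
    [ -r "$TABLE_FILE" ] || return 1   # no saved file: leave the table alone
    $IPFW -q table "$TABLE" flush || return 1
    load_table_file
}

# Policy B: table contents persist across rule reloads; refill from the
# saved file only when the table is found empty (e.g. after boot).
reload_table_if_empty() {
    if [ -z "$($IPFW table "$TABLE" list 2>/dev/null)" ]; then
        [ -r "$TABLE_FILE" ] || return 1
        load_table_file
    fi
}
```

Under policy B an entry deleted from the saved file stays in the kernel table until the table is flushed or the host reboots, which is the behaviour the PR describes.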


