Date: Wed, 15 Nov 2000 12:55:04 -0800 From: Steve Reid <sreid@sea-to-sky.net> To: Gerhard Sittig <Gerhard.Sittig@gmx.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: PPP NAT Gateway security Message-ID: <20001115125504.Q3759@grok> In-Reply-To: <20001115192259.Q27042@speedy.gsinet>; from Gerhard Sittig on Wed, Nov 15, 2000 at 07:22:59PM %2B0100 References: <00c801c04dc4$12a89220$0200a8c0@n2> <20001114144513.A888@grok> <001c01c04e97$c69c3c90$0200a8c0@n2> <20001114211934.B888@grok> <20001115192259.Q27042@speedy.gsinet>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Nov 15, 2000 at 07:22:59PM +0100, Gerhard Sittig wrote:
> ipf already has a feature like ppp's MYADDR -- specify 0.0.0.0/32
> as the IP and issue "ipf -y" when interface configuration changes
I can't get this to work with stock ipf in 4.1-R (ipf v3.4.8). Nothing
gets through. Is 0.0.0.0/32 a recent addition, or is it or the operator
just broken in 4.1-R?
> And BTW: You do bind your rules to interfaces ("... on $IF")
> already, don't you?
Of course.
> If it's just for variable substitution or conditional
> "compilation", you might find my patch described in
> http://www.freebsd.org/cgi/query-pr.cgi?pr=21989 of interest.
I thought I saw that mentioned somewhere. I haven't bothered upgrading
ipf though, as all the preprocessing I need can be done in a few lines
of shell script.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001115125504.Q3759>