Date:      Mon, 24 Dec 2001 19:10:09 +0700
From:      Igor M Podlesny <poige@morning.ru>
To:        freebsd-hackers@FreeBSD.ORG
Subject:   /etc/rc.firewall and /sys/netinet/ip_input.c are doing the same thing
Message-ID:  <107466819110.20011224191009@morning.ru>
In-Reply-To: <Pine.BSF.4.33.0112231015180.35760-100000@resnet.uoregon.edu>
References:  <Pine.BSF.4.33.0112231015180.35760-100000@resnet.uoregon.edu>


Well, not all the same, but partly. Take a look:

/sys/netinet/ip_input.c
-----------------------
        /* 127/8 must not appear on wire - RFC1122 */
        if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET ||
            (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) {
                if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) {
                        ipstat.ips_badaddr++;
                        goto bad;
                }
        }


and

/etc/rc.firewall
----------------
############
# Only in rare cases do you want to change these rules
#
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any


-- 
Igor M Podlesny a.k.a. Poige
http://www.morning.ru/~poige
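
The overlap pointed out in the message above, as an added example that is not part of the original e-mail or of the FreeBSD source: a user-space C model of both checks for received packets, compared over boundary addresses around 127/8. The struct, the function names and the sample addresses are constructed, and the model assumes lo0 is the only interface with IFF_LOOPBACK set.

```c
#include <stdbool.h>
#include <stdint.h>

#define LOOPBACKNET   127u /* value of IN_LOOPBACKNET in <netinet/in.h> */
#define CLASSA_NSHIFT 24   /* value of IN_CLASSA_NSHIFT */

/* Constructed stand-in for a received packet (not a kernel structure). */
struct pkt {
    uint32_t src, dst;    /* addresses in host byte order, as after ntohl() */
    bool rcvif_loopback;  /* models rcvif->if_flags & IFF_LOOPBACK */
};

static bool in_loopnet(uint32_t a) { return (a >> CLASSA_NSHIFT) == LOOPBACKNET; }

/* Same condition as the ip_input.c excerpt; true means "goto bad". */
bool kernel_drops(const struct pkt *p)
{
    return (in_loopnet(p->dst) || in_loopnet(p->src)) && !p->rcvif_loopback;
}

/* Rules 100/200/300 in first-match order; returns the matching rule number,
 * or 0 on fall-through. Assumes "via lo0" matches exactly rcvif_loopback. */
int ipfw_rule_hit(const struct pkt *p)
{
    if (p->rcvif_loopback)  return 100; /* pass all from any to any via lo0 */
    if (in_loopnet(p->dst)) return 200; /* deny all from any to 127.0.0.0/8 */
    if (in_loopnet(p->src)) return 300; /* deny ip from 127.0.0.0/8 to any */
    return 0;
}

bool ipfw_drops(const struct pkt *p) { return ipfw_rule_hit(p) >= 200; }

/* Count verdict mismatches over constructed addresses on both sides of 127/8. */
int disagreements(void)
{
    static const uint32_t addrs[] = { 0x7effffffu, 0x7f000000u, 0x7f000001u,
                                      0x7fffffffu, 0x80000000u, 0x0a000001u };
    const int n = sizeof(addrs) / sizeof(addrs[0]);
    int diff = 0;
    for (int s = 0; s < n; s++)
        for (int d = 0; d < n; d++)
            for (int lo = 0; lo <= 1; lo++) {
                struct pkt p = { addrs[s], addrs[d], lo != 0 };
                if (kernel_drops(&p) != ipfw_drops(&p))
                    diff++;
            }
    return diff;
}

int main(void) { return disagreements(); } /* exit status 0: no mismatch */
```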

