Date:      Fri, 10 Mar 2006 11:47:25 +0100
From:      Erik Norgaard <norgaard@locolomo.org>
To:        Roman Serbski <mefystofel@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Help with IP Filter 4.1.8
Message-ID:  <4411593D.60507@locolomo.org>
In-Reply-To: <cca5083b0603092044n2c92a6cfo564fae129136594b@mail.gmail.com>
References:  <cca5083b0602260715w2f4a9e49o494f2f537afca2db@mail.gmail.com>	 <4402232A.8010908@locolomo.org>	 <cca5083b0602270548s4147d332v5df89fdb9a0b7ccd@mail.gmail.com>	 <44031DC4.6060804@locolomo.org>	 <cca5083b0602271945q5ef76163m5712a386e3eb3008@mail.gmail.com>	 <440C25FE.6050401@locolomo.org> <cca5083b0603092044n2c92a6cfo564fae129136594b@mail.gmail.com>

Roman Serbski wrote:
>> 1) Other udp services, are responses also blocked? You can for example
>> try ntp. If so, then it is likely a bug in ip-filter.
> 
> Yes. Same for other udp (I tested with ntp). The symptoms are the same
> - there is a hit on a rule allowing outgoing ntp, but then the reply is
> blocked.

It should be possible to capture on the interface in promiscuous mode. 
(I recall an article on SecurityFocus considering this as a security 
hole as it actually allows you to circumvent the firewall).

Cheers, Erik


