Date:      Tue, 12 Feb 2002 13:28:37 -0500
From:      "Michael Meltzer" <mjm@michaelmeltzer.com>
To:        "Ruslan Ermilov" <ru@FreeBSD.ORG>
Cc:        <stable@FreeBSD.ORG>
Subject:   Re: 127/8 in ip_output.c
Message-ID:  <00c701c1b3f3$169409f0$34f820c0@ix1x1000>
References:  <01a701c1b33c$733b99a0$34f820c0@ix1x1000> <20020212141520.A8237@sunbay.com>

http://www.obfuscation.org/ipf/ipf-howto.txt about page 28+-

I do not use squid, but http://www.squid-cache.org/Doc/FAQ/FAQ-17.html, the
FreeBSD section, uses the 127.* game.

http://cr.yp.to/djbdns/faq/cache.html#mixnmatch , it's the 127.* trick again,
and if you want to service the inside address you need a rdr from the
inside IP to 127.


The point is this is too strong a position on the issue; maybe you want a
sysctl around it, not unheard of for network RFCs. But frankly you are
trying to build firewall functionality into the kernel when most people
expect it in their ipf rule set. Worse yet, their rule set will look right
when they try to open it up and lead to "craziness/frustration/very bad
words" when it does not work as expected or meet their expectation about
what is happening. I have been doing things like this on Solaris/FreeBSD for
years to solve network problems.

MJM

PS. What is the view of the "group"?

----- Original Message -----
From: "Ruslan Ermilov" <ru@FreeBSD.ORG>
To: "Michael Meltzer" <mjm@michaelmeltzer.com>
Cc: <stable@FreeBSD.ORG>
Sent: Tuesday, February 12, 2002 7:15 AM
Subject: Re: 127/8 in ip_output.c


> On Mon, Feb 11, 2002 at 03:41:15PM -0500, Michael Meltzer wrote:
> >
> >    I just got caught by the block of all 127/8 in ip_output.c. At this
> >    point I have recompiled my system to remove it, but frankly I think it
> >    should be removed from the OS. What happened is that it took out djbdns
> >    along with IPF; now those systems were configured based on their
> >    respective HOWTOs. Unless someone wants to start changing all the
> >    HOWTOs this is asking for trouble. This is not nice. Luckily I knew how
> >    to code, where to look and compile a kernel; think everyone who uses
> >    FreeBSD will be so lucky. The RFC wants to prevent 127/8 from leaving
> >    the box, but could it be done without breaking the tools.
> >
> Could you please forward me a reference to this HOWTO?
>
>
> Cheers,
> --
> Ruslan Ermilov Sysadmin and DBA,
> ru@sunbay.com Sunbay Software AG,
> ru@FreeBSD.org FreeBSD committer,
> +380.652.512.251 Simferopol, Ukraine
>
> http://www.FreeBSD.org The Power To Serve
> http://www.oracle.com Enabling The Information Age
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message

