Date: Fri, 21 Jan 2000 16:34:26 +1100 (Australia/NSW) From: Darren Reed <avalon@coombs.anu.edu.au> To: mi@kot.ne.mediaone.net (Mikhail Teterin) Cc: avalon@coombs.anu.edu.au (Darren Reed), brett@lariat.org (Brett Glass), imp@village.org (Warner Losh), jamiE@arpa.com (jamiE rishaw - master e*tard), tom@uniserve.com (Tom), mike@sentex.net (Mike Tancsa), freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit? Message-ID: <200001210534.QAA04706@cairo.anu.edu.au> In-Reply-To: <200001210531.AAA26807@rtfm.newton> from "Mikhail Teterin" at Jan 21, 2000 12:31:10 AM
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Mikhail Teterin, sie said: > > Darren Reed once stated: > > =It isn't. I said that for people who are using ipnat but not ipfilter. > = > =btw, I think the better way to write the 3 rules is: > = > =block in quick proto tcp from any to any head 100 > =pass in quick proto tcp from any to any flags S keep state group 100 > =pass in all > > Can a similar rule be created for ipfw? Thanks! Unless ipfw has stateful packet filtering, no. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001210534.QAA04706>