Date: Fri, 21 Jan 2000 11:46:53 +0200 (SAT) From: Reinier Bezuidenhout <rbezuide@oskar.dev.nanoteq.co.za> To: robinson@netrinsics.com (Michael Robinson) Cc: freebsd-security@FreeBSD.ORG Subject: Re: stream.c workaround clarification Message-ID: <200001210946.LAA15150@oskar.dev.nanoteq.co.za> In-Reply-To: <200001210849.QAA01513@netrinsics.com> from Michael Robinson at "Jan 21, 2000 4:49:28 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Hi .. Is there any similar rules in IPFW that simulates this ?? Reinier > I've been using an ipfilter rule-list that includes the following two rules: > > pass in log quick proto tcp from any to any flags S/SA > pass in quick proto tcp from any to any keep state > > (I log connections to TCP ports that aren't "exempted" higher up in the rules.) > > >From the discussion it seems to me that this should have an equivalent > protective effect as the official-sanctioned workaround, but I'd like to > verify this to be true. > > Thanks. > > -Michael Robinson > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001210946.LAA15150>