Date: Sat, 22 Jan 2000 01:08:45 +1100 (Australia/NSW) From: Darren Reed <avalon@coombs.anu.edu.au> To: fpscha@via-net-works.net.ar Cc: freebsd-security@FreeBSD.ORG Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit? Message-ID: <200001211408.BAA12379@cairo.anu.edu.au> In-Reply-To: <200001211344.KAA01087@ns1.via-net-works.net.ar> from "Fernando Schapachnik" at Jan 21, 2000 10:44:33 AM
next in thread | previous in thread | raw e-mail | index | archive | help
In some mail from Fernando Schapachnik, sie said: > > En un mensaje anterior, Darren Reed escribió: > > btw, I think the better way to write the 3 rules is: > > > > block in quick proto tcp from any to any head 100 > > pass in quick proto tcp from any to any flags S keep state group 100 > > pass in all > > I usually work with ipfw, so I'm a newbie with ipfilter. > > I loaded a 3.3-R with an ipfilter enabled kernel. > > Then ipf -l block -f /file_with_rules > > Suprisingly: [...] That's to be expected. It only lets through `new' connections. You may (or may not) want to reboot. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001211408.BAA12379>