Date: Fri, 21 Jan 2000 07:23:53 -0800
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: Reinier Bezuidenhout <rbezuide@oskar.dev.nanoteq.co.za>
Cc: robinson@netrinsics.com (Michael Robinson), freebsd-security@FreeBSD.ORG
Subject: Re: stream.c workaround clarification
Message-ID: <200001211524.HAA01787@cwsys.cwsent.com>
In-Reply-To: Your message of "Sat, 21 Jan 2000 11:46:53 +0200." <200001210946.LAA15150@oskar.dev.nanoteq.co.za>

In message <200001210946.LAA15150@oskar.dev.nanoteq.co.za>, Reinier Bezuidenhout writes:
> Hi ..
>
> Are there any similar rules in IPFW that simulate this ??

No, IPFW is stateless.

>
> Reinier
>
> > I've been using an ipfilter rule-list that includes the following two rules:
> >
> > pass in log quick proto tcp from any to any flags S/SA
> > pass in quick proto tcp from any to any keep state
> >
> > (I log connections to TCP ports that aren't "exempted" higher up in the rules.)
> >
> > From the discussion it seems to me that this should have an equivalent
> > protective effect as the officially sanctioned workaround, but I'd like to
> > verify this to be true.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD
Province of BC
            "COBOL IS A WASTE OF CARDS."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message