Date: Fri, 14 Sep 2001 03:40:02 -0700 (PDT)
From: Bill Fumerola <billf@mu.org>
To: freebsd-bugs@FreeBSD.org
Subject: Re: misc/30571: Error handling by natd causes all communications to cease when ambiguous statement exists in natd.conf making remote administration to fix impossible.
Message-ID: <200109141040.f8EAe2k40370@freefall.freebsd.org>

The following reply was made to PR misc/30571; it has been noted by GNATS.

From: Bill Fumerola <billf@mu.org>
To: Bill Daniel <vlaad@baldfewls.net>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/30571: Error handling by natd causes all communications to cease when ambiguous statement exists in natd.conf making remote administration to fix impossible.
Date: Fri, 14 Sep 2001 05:32:56 -0500

On Fri, Sep 14, 2001 at 01:03:49AM -0700, Bill Daniel wrote:

> My preference, being security minded, would be to simply abort loading the natd
> at all when an ambiguous statement is found. and hopefully this would make a
> *lot* of "noise" via syslog :)

you're diverting all your traffic to a divert socket that isn't being
serviced by any process. you're diverting it because the ipfw rule is
still there. no process is servicing it because natd "simply abort[ed]
loading".

so I'm unclear where a problem is, other than in your ability to check
config files twice before pushing the magic button to reboot.

useful thing to do: in natd.c change the warnx() call in ParseOption()
to a Warn() call, to make your requested noise. you won't see the noise
because you have no connectivity....

--
- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org / billf@mu.org

ps. why are you rebooting for natd changes anyways?
pps. serial consoles / out of band are cheaper and quicker than remote hands.
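
An added example, not part of the original message and not natd or ipfw code: a shell check for the state the reply describes, where a divert rule is still in the ruleset but nothing is servicing its port. The ruleset sample is constructed, the function names are hypothetical, and the caller is assumed to know which divert ports a running natd is actually bound to.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `ipfw list`.
SAMPLE_RULES='00050 divert 8668 ip from any to any via ed0
00100 allow ip from any to any via lo0
65000 allow ip from any to any
65535 deny ip from any to any'

# Read `ipfw list`-style text on stdin; print "<rule> <port>" per divert rule.
# Assumes the divert port is printed numerically.
divert_rules() {
    awk '{ for (i = 2; i < NF; i++) if ($i == "divert") print $1, $(i + 1) }'
}

# orphan_diverts "<serviced ports>"
# Read a ruleset on stdin and print the rule numbers whose divert port is
# not in the space-separated list of ports that a process is servicing.
orphan_diverts() {
    serviced=" $1 "
    divert_rules | while read -r rule port; do
        case "$serviced" in
            *" $port "*) ;;            # a listener exists for this port
            *) echo "$rule" ;;         # packets sent here go nowhere
        esac
    done
}

# report_orphans "<serviced ports>"
# Return 1 and write a warning to stderr if any divert rule has no listener.
report_orphans() {
    orphans=$(orphan_diverts "$1" | tr '\n' ' ')
    [ -z "$orphans" ] && return 0
    echo "divert rule(s) with no listener: $orphans" >&2
    return 1
}
```

On a live host the ruleset would come from `ipfw list` piped into `report_orphans`, run from the console or a local job right after natd is (re)started, since a remote session is exactly what this failure takes away.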