Date: Fri, 21 Jan 2000 16:49:28 +0800 (+0800) From: Michael Robinson <robinson@netrinsics.com> To: freebsd-security@freebsd.org Subject: stream.c workaround clarification Message-ID: <200001210849.QAA01513@netrinsics.com>
next in thread | raw e-mail | index | archive | help
I've been using an ipfilter rule-list that includes the following two rules:
pass in log quick proto tcp from any to any flags S/SA
pass in quick proto tcp from any to any keep state
(I log connections to TCP ports that aren't "exempted" higher up in the rules.)
From the discussion it seems to me that this should have an equivalent
protective effect as the official-sanctioned workaround, but I'd like to
verify this to be true.
Thanks.
-Michael Robinson
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001210849.QAA01513>