Date: Fri, 14 Sep 2001 01:50:02 -0700 (PDT)
Message-Id: <200109140850.f8E8o2P22776@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Peter Pentchev
Subject: Re: misc/30571: Error handling by natd causes all communications to cease when ambiguous statement exists in natd.conf making remote administration to fix impossible.
Reply-To: Peter Pentchev

The following reply was made to PR misc/30571; it has been noted by GNATS.

From: Peter Pentchev
To: Bill Daniel
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/30571: Error handling by natd causes all communications to cease when ambiguous statement exists in natd.conf making remote administration to fix impossible.
Date: Fri, 14 Sep 2001 11:42:28 +0300

On Fri, Sep 14, 2001 at 01:03:49AM -0700, Bill Daniel wrote:
>
> >Number: 30571
> >Category: misc
> >Synopsis: Error handling by natd causes all communications to cease when ambiguous statement exists in natd.conf making remote administration to fix impossible.
> >Originator: Bill Daniel
> >Release: 4.4-RC
> >Organization:
> Texas Metropolitan Services
> >Environment:
> FreeBSD firewall.cargoven.com 4.4-RC FreeBSD 4.4-RC #0: Fri Sep 14 01:02:23 CDT
> 2001 root@firewall.cargoven.com:/usr/src/sys/compile/cargoven i386
> >Description:
> I made a typo in the natd.conf... the obvious solution is to not make typos in natd.conf... however..
> The error caused all communications to the unit to cease.. I couldn't get to it internally (via a local user) or externally...
[snip]
> >Fix:
> My suggestion would be to either abort loading natd on ambiguous statements in the .conf file or to simply ignore the ambiguous statement.
>
> My preference, being security minded, would be to simply abort loading the natd at all when an ambiguous statement is found. and hopefully this would make a *lot* of "noise" via syslog :)

How about another solution - have natd(8) grow an Apache-like 'configtest' mode, so it only parses the config file without actually doing anything?

G'luck,
Peter

-- 
When you are not looking at it, this sentence is in Spanish.
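A sketch of the 'configtest' idea suggested in the reply above, as an added example that is not natd's own code and not written by either poster: a stand-alone checker that only parses natd.conf-style text and reports every line it would refuse, so a wrapper can decline to (re)start natd on a bad file. The keyword subset, the function names, the sample inputs and the rule that a repeated keyword counts as ambiguous are all assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed subset of natd.conf keywords; flag = value must be yes/no. */
struct kw { const char *name; int flag; int seen; };
static struct kw table[] = {
    {"interface", 0, 0}, {"alias_address", 0, 0}, {"port", 0, 0},
    {"log", 1, 0}, {"deny_incoming", 1, 0}, {"same_ports", 1, 0},
    {"use_sockets", 1, 0}, {"dynamic", 1, 0},
};
#define NKW (sizeof table / sizeof table[0])

/* Constructed sample inputs (not taken from the PR). */
static const char GOOD_SAMPLE[] = "interface fxp0\n# comment\nlog yes\ndeny_incoming no\n";
static const char BAD_SAMPLE[] = "interface fxp0\ninterfce fxp1\nlog maybe\ninterface fxp1\nport\n";

/* Check one line in place; returns NULL if acceptable, else the reason. */
static const char *check_line(char *line)
{
    char *hash = strchr(line, '#');
    if (hash) *hash = '\0';                    /* strip comment */
    char *key = strtok(line, " \t\r");
    if (!key) return NULL;                     /* blank or comment-only */
    char *val = strtok(NULL, " \t\r");
    if (strtok(NULL, " \t\r")) return "trailing text after value";
    for (size_t i = 0; i < NKW; i++) {
        if (strcmp(key, table[i].name) != 0) continue;
        if (!val) return "missing value";
        if (table[i].flag && strcmp(val, "yes") && strcmp(val, "no"))
            return "flag value must be yes or no";
        if (table[i].seen++) return "keyword repeated (ambiguous)";
        return NULL;
    }
    return "unknown keyword";
}

/* Parse only, change nothing: returns rejected-line count, -1 if too large. */
int configtest(const char *text)
{
    char buf[4096], *line = buf;
    int bad = 0, n = 0;
    if (strlen(text) >= sizeof buf) return -1;
    strcpy(buf, text);
    for (size_t i = 0; i < NKW; i++) table[i].seen = 0;
    while (line) {
        char *next = strchr(line, '\n');
        if (next) *next++ = '\0';
        const char *why = check_line(line);
        n++;
        if (why) { fprintf(stderr, "natd.conf:%d: %s\n", n, why); bad++; }
        line = next;
    }
    return bad;
}

int main(void) { return configtest(BAD_SAMPLE) != 0; } /* non-zero: do not start natd */
```

Running such a check before restarting the daemon keeps the old, working translation in place when the new file is rejected, which is what makes remote recovery possible.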