Date: Fri, 1 Apr 2005 16:20:35 -0800 From: Jonathan Dama <bn@donut.ugcs.caltech.edu> To: freebsd-stable@freebsd.org Cc: darrenr@pobox.com Subject: mfc of ipf 3.4.35 breaks POLA in 4.11, 4-Stable Message-ID: <20050402002035.GK75619@philemon.caltech.edu>
next in thread | raw e-mail | index | archive | help
IPF in 4.11, 4-Stable breaks the semantics of icmp keep-state rules. This problem was mentioned in http://msgs.securepoint.com/cgi-bin/get/ipfilter-0503/31/1/2/1/1.html I wouldn't make a fuss over this simple matter except that this constitutes a POLA violation. To that end, the following pr was submitted: http://www.freebsd.org/cgi/query-pr.cgi?pr=79416 Incidentially, unless I really misunderstand ipf, there appears to be a genuine bug here. POLA issues aside, a pass-rule is being used to block packets. Thanks, Jon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050402002035.GK75619>