From owner-freebsd-security Thu Jun 8 09:36:30 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id JAA16745 for security-outgoing; Thu, 8 Jun 1995 09:36:30 -0700 Received: from nahanni.BouletFermat.ab.ca (danny@dboulet.ccinet.ab.ca [198.161.96.245]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id JAA16735 for ; Thu, 8 Jun 1995 09:36:27 -0700 Received: (from danny@localhost) by nahanni.BouletFermat.ab.ca (8.6.9/8.6.9) id KAA05473 for freebsd-security@freebsd.org; Thu, 8 Jun 1995 10:37:54 -0600 Date: Thu, 8 Jun 1995 10:37:54 -0600 From: Danny Boulet Message-Id: <199506081637.KAA05473@nahanni.BouletFermat.ab.ca> To: freebsd-security@FreeBSD.ORG Subject: Bugfix release of ipfirewall available Sender: security-owner@FreeBSD.ORG Precedence: bulk Very short background info: ipfirewall is an IP packet filtering tool which is analogous to the packet filtering facilities provided by most commercial routers. Once the facility has been installed on a host computer, the system administrator defines a set of blocking filters and a set of forwarding filters. The blocking filters determine which packets are to be accepted by the host. The forwarding filters determine which packets are to be forwarded by the host. There is a bug in ipfirewall v2.0 (and v2.0a) that can, in certain circumstances, result in filters not being applied to packets as intended by the system administrator. User's of ipfirewall v2.0 (and v2.0a) should seriously consider upgrading to this new version. This version can be found in ftp://ftp.bsdi.com/contrib/networking/security/ipfirewall_v2.0b.shar.gz or ftp://ftp.nebulus.net/pub/bsdi/security/ipfirewall_v2.0b.shar.gz Alternatively, if you send me a request via e-mail, I can send it back to you as a set of shar files (my e-mail address is danny@bouletfermat.ab.ca). N.B. If you are a registered user of ipfirewall v2.* then I e-mailed the bug fix to you on the day after the bug was reported. This note is intended for users of ipfirewall v2.0 (and v2.0a) who haven't registered themselves (ipfirewall v2.* is distributed on a shareware basis). -Danny P.S. The v2.0b release also contains patches for installing ipfirewall on a FreeBSD 2.0 system. The release now includes patches for installing it on BSD/OS v1.*, BSD/OS v2.0, NetBSD-current and FreeBSD 2.0. P.P.S. I'm posting this to the freebsd-security mailing list because the original ipfirewall v2.0 announcement was posted here and I'm trying to reach as many unregistered users as practical.