Date:      Sun, 23 Jun 1996 12:24:12 +0300 (EET DST)
From:      "Andrew V. Stesin" <stesin@elvisti.kiev.ua>
To:        avalon@coombs.anu.edu.au (Darren Reed)
Cc:        stesin@elvisti.kiev.ua, freebsd-security@FreeBSD.org
Subject:   Re: IPFW vs. IP Filter?
Message-ID:  <199606230924.MAA08929@office.elvisti.kiev.ua>
In-Reply-To: <199606230504.IAA28342@office.elvisti.kiev.ua> from "Darren Reed" at Jun 23, 96 02:51:07 pm


# 
# In some mail from Andrew V. Stesin, sie said:
# [...]
# > 	1.  Sending TCP RST in reply to unsolicited TCP SYN
# > 	    didn't work.  That was solved, thanks Darren,
# > 	    but I'm not 100% sure that this patch is included
# > 	    in 3.0.4 distribution.
# 
# Just a minor nit, you can send a TCP RST in reply to any TCP packet except
# one containing an RST (feedback loop :-).

	Thanks, I know ;)  "Unsolicited SYN" I said,
	meaning an attempt to initiate a connection.
	Or you want to say that a combo of SYN and RST
	might be sent to do some kind of
	port scanning?
 
# > 	2.  With "in-kernel" version, "log body" doesn't work for
# > 	    me; I discovered the fact too late, when fighting
# > 	    with crashes of our firewall.  Disabling all "log body"
# > 	    clauses in filtering rules cured those mysterious crashes,
# > 	    too, firewall is working for weeks just now, as I see.
# > 	    Now when I'm just 90% sure I found the source of trouble,
# > 	    which tortured me for weeks, probably it's time to
# > 	    go check where exactly it lives.
# 
# Thanks, I'll have a look too.

	You'd probably like to check your
	old mail -- I sent a bunch of debugger
	output regarding this problem some time ago.

	The crash isn't easily reproducible,
	so if you want me to repeat my explorations,
	please let me know -- I'll try once again.

# Darren
# 

	Thanks for the nice tool, Darren!  BTW -- will it be
	a bugfix 3.0.5 version, or you're working on a new
	release only?  (Now when I got a box at home,
	and moved to -FreeBSD-current, I'm
	going to check IPfilter with -current, so should
	I go with a new version?)

-- 

	With best regards -- Andrew Stesin.

	+380 (44) 2760188	+380 (44) 2713457	+380 (44) 2713560

	"You may delegate authority, but not responsibility."
					Frank's Management Rule #1.


