From owner-freebsd-security Sun Jun 23 02:12:28 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id CAA14817 for security-outgoing; Sun, 23 Jun 1996 02:12:28 -0700 (PDT)
Received: from uu.elvisti.kiev.ua (acc0.elvisti.kiev.ua [193.125.28.132]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id CAA14810 for ; Sun, 23 Jun 1996 02:12:11 -0700 (PDT)
Received: from office.elvisti.kiev.ua (office.elvisti.kiev.ua [193.125.28.129]) by uu.elvisti.kiev.ua (8.7.5/8.7.3) with ESMTP id MAA28546; Sun, 23 Jun 1996 12:24:15 +0300 (EET DST)
Received: (from stesin@localhost) by office.elvisti.kiev.ua (8.6.12/8.ElVisti) id MAA08929; Sun, 23 Jun 1996 12:24:14 +0300
From: "Andrew V. Stesin"
Message-Id: <199606230924.MAA08929@office.elvisti.kiev.ua>
Subject: Re: IPFW vs. IP Filter?
To: avalon@coombs.anu.edu.au (Darren Reed)
Date: Sun, 23 Jun 1996 12:24:12 +0300 (EET DST)
Cc: stesin@elvisti.kiev.ua, freebsd-security@FreeBSD.org
In-Reply-To: <199606230504.IAA28342@office.elvisti.kiev.ua> from "Darren Reed" at Jun 23, 96 02:51:07 pm
X-Mailer: ELM [version 2.4 PL24alpha5]
Content-Type: text
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

#
# In some mail from Andrew V. Stesin, sie said:
# [...]
# > 1. Sending TCP RST in reply to unsolicited TCP SYN
# > didn't work. That was solved, thanks Darren,
# > but I'm not 100% sure that this patch is included
# > in 3.0.4 distribution.
#
# Just a minor nit, you can send a TCP RST in reply to any TCP packet except
# one containing an RST (feedback loop :-).

Thanks, I know ;) "Unsolicited SYN" I told, meaning an attempt to initiate a
connection. Or you want to say that a combo of SYN and RST might be sent to
do some kind of port scanning?

# > 2. With "in-kernel" version, "log body" doesn't work for
# > me; I discovered the fact too late, when fighting
# > with crashes of our firewall. Disabling all "log body"
# > clauses in filtering rules cured those mysterious crashes,
# > too, firewall is working for weeks just now, as I see.
# > Now when I'm just 90% sure I found the source of trouble,
# > which tortured me for weeks, probably it's time to
# > go check where exactly it lives.
#
# Thanks, I'll have a look too.

You'd probably like to check your old mail -- I sent a bunch of debugger
output regarding this problem some time ago. The crash isn't easily
reproducible, so if you want me to repeat my explorations, please let me
know -- I'll try once again.

# Darren
#

Thanks for the nice tool, Darren! BTW -- will it be a bugfix 3.0.5 version,
or you're working on a new release only? (Now when I got a box at home, and
moved to -FreeBSD-current, I'm going to check IPfilter with -current, so
should I go with a new version?)

--
With best regards -- Andrew Stesin.
+380 (44) 2760188
+380 (44) 2713457
+380 (44) 2713560

"You may delegate authority, but not responsibility." Frank's Management Rule #1.
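Darren's nit in the quoted text (a filter may answer any TCP segment with a RST, except one that itself carries RST) is the reset-generation rule of RFC 793 section 3.4. The following Python model is an added illustration for this archive, not part of the thread and not IP Filter's own code: it parses a fixed TCP header, refuses to answer a RST (the feedback loop), and otherwise builds the reply RST with the sequence and acknowledgment values RFC 793 prescribes for a filter that returns RST to unsolicited segments. All sample segments are constructed inline; the checksum is left at zero because no IP pseudo-header is modelled.

```python
import struct

# TCP flag bits in the low nine bits of the offset/flags word (RFC 793, NS bit per RFC 3540).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
TCP_HDR = "!HHIIHHHH"  # sport, dport, seq, ack, offset+flags, window, checksum, urgent


def make_segment(sport, dport, seq, ack, flags, payload=b""):
    """Build a minimal (20-byte header, no options) TCP segment for testing. Constructed data."""
    return struct.pack(TCP_HDR, sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0) + payload


def parse_tcp(segment: bytes) -> dict:
    """Parse the TCP header of a segment whose IP header has already been stripped."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, win, csum, urg = struct.unpack(TCP_HDR, segment[:20])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": off_flags & 0x01FF, "payload_len": len(segment) - data_offset,
    }


def seg_len(hdr: dict) -> int:
    """Sequence-space length of a segment: payload bytes plus one each for SYN and FIN."""
    n = hdr["payload_len"]
    if hdr["flags"] & SYN:
        n += 1
    if hdr["flags"] & FIN:
        n += 1
    return n


def build_rst(incoming: bytes):
    """Return the RST segment a filter would send back for `incoming`, or None when no
    RST must be generated. A segment carrying RST is never answered (RFC 793 3.4):
    answering it would start the RST-for-RST feedback loop mentioned in the thread."""
    hdr = parse_tcp(incoming)
    if hdr["flags"] & RST:
        return None
    if hdr["flags"] & ACK:
        # Incoming had ACK: <SEQ=SEG.ACK><CTL=RST>, no ACK bit in the reply.
        seq, ack, flags = hdr["ack"], 0, RST
    else:
        # No ACK (e.g. a bare SYN): <SEQ=0><ACK=SEG.SEQ+SEG.LEN><CTL=RST,ACK>.
        seq, ack, flags = 0, (hdr["seq"] + seg_len(hdr)) & 0xFFFFFFFF, RST | ACK
    # Ports are swapped; window, checksum and urgent pointer are zero in this model.
    return struct.pack(TCP_HDR, hdr["dport"], hdr["sport"], seq, ack, (5 << 12) | flags, 0, 0, 0)


# Constructed samples: an unsolicited SYN, a RST, and a stray ACK, all aimed at port 23.
SAMPLE_SYN = make_segment(40000, 23, 1000, 0, SYN)
SAMPLE_RST = make_segment(40000, 23, 1000, 0, RST)
SAMPLE_ACK = make_segment(40000, 23, 1000, 5000, ACK)

if __name__ == "__main__":
    for name, seg in (("SYN", SAMPLE_SYN), ("RST", SAMPLE_RST), ("ACK", SAMPLE_ACK)):
        reply = build_rst(seg)
        print(name, "->", "no reply" if reply is None else parse_tcp(reply))
```

The decision is the same one a firewall's return-RST action must make; the `flags & RST` check is what prevents two such filters facing each other from resetting at each other indefinitely.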