Date: Sat, 3 Mar 2001 22:12:56 -0500 From: Chris Johnson <cjohnson@palomine.net> To: Don Lewis <Don.Lewis@tsc.tdk.com> Cc: stable@FreeBSD.ORG Subject: Re: Did ipfw fwd just break? Message-ID: <20010303221256.A51387@palomine.net> In-Reply-To: <200103040230.SAA25152@salsa.gv.tsc.tdk.com>; from Don.Lewis@tsc.tdk.com on Sat, Mar 03, 2001 at 06:30:18PM -0800 References: <20010303203733.A49750@palomine.net> <200103040211.SAA24825@salsa.gv.tsc.tdk.com> <20010303211958.A50525@palomine.net> <200103040230.SAA25152@salsa.gv.tsc.tdk.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--ZPt4rx8FFjLCG7dd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Mar 03, 2001 at 06:30:18PM -0800, Don Lewis wrote: > On Mar 3, 9:19pm, Chris Johnson wrote: > } Subject: Re: Did ipfw fwd just break? > }=20 > } Now, is it possible to protect myself from whatever evil check_interfac= e is > } supposed to protect me from, while still doing my transparent proxying?= Or =3D > } do I > } have to choose one or the other? >=20 > Try this patch. You might still have to disable check_interface if > your host is multi-homed and net.inet.ip.forwarding is 0, but even > so, you should be better protected than with the older code. It looks good so far. I now have: net.inet.ip.check_interface: 1 and ipfw fwd is working like it used to. Thanks! Chris --ZPt4rx8FFjLCG7dd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6obK3yeUEMvtGLWERAsDaAJ0SK8XSC3rRgNF2Cqrf6teeqP2MRgCglh3m os4SYvAzPNSlAkRAvEVR7Z0= =jEIx -----END PGP SIGNATURE----- --ZPt4rx8FFjLCG7dd-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010303221256.A51387>