From owner-freebsd-current  Mon Feb 26 08:14:13 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id IAA27800
          for current-outgoing; Mon, 26 Feb 1996 08:14:13 -0800 (PST)
Received: from asstdc.scgt.oz.au (root@asstdc.scgt.oz.au [202.14.234.65])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id IAA27783
          Mon, 26 Feb 1996 08:14:06 -0800 (PST)
Received: (from imb@localhost)
	by asstdc.scgt.oz.au (8.6.12/BSD4.4)
	id DAA14868; Tue, 27 Feb 1996 03:13:54 +1100
From: michael butler <imb@scgt.oz.au>
Message-Id: <199602261613.DAA14868@asstdc.scgt.oz.au>
Subject: Re: -stable hangs at boot (fwd)
To: phk@critter.tfs.com (Poul-Henning Kamp)
Date: Tue, 27 Feb 1996 03:13:52 +1100 (EST)
Cc: stable@freebsd.org, current@freebsd.org
In-Reply-To: <11445.825342415@critter.tfs.com> from "Poul-Henning Kamp" at Feb 26, 96 02:46:55 pm
X-Mailer: ELM [version 2.4 PL24beta]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-current@freebsd.org
Precedence: bulk

Poul-Henning Kamp writes:

> Well, this happens to be your view.  I know machines where IPFW are being
> used to restrict what users on the machine can do, this is only possible
> if you filter >ALL< traffic, to and from the machine.

I haven't checked this but .. what happens to a packet which matches a
"reject" rule when it's not actually destined for the machine doing the
filtering .. does it still generate an ICMP "host unreachable" ?

This can happen, for example, with multiple subnets on one wire ..

If so .. we have our incarnation of the M$ "sniper bug" that plagued WFW and
WinNT boxes and which arbitrarilt shot down packets which were not theirs to
kill :-(

	michael