Date: Fri, 23 Oct 1998 11:00:00 +1300
From: "Dan Langille" <junkmale@xtra.co.nz>
To: "Eric J. Schwertfeger" <ejs@bfd.com>, freebsd-security@FreeBSD.ORG
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: default rules in rc.firewall cause problem
Message-ID: <199810222159.KAA04958@witch.xtra.co.nz>
In-Reply-To: <Pine.BSF.4.05.9810221359580.8461-100000@harlie.bfd.com>
References: <199810222056.JAA23805@witch.xtra.co.nz>
On 22 Oct 98, at 14:06, Eric J. Schwertfeger wrote:

> On Fri, 23 Oct 1998, Dan Langille wrote:
>
> > Hmmm, could your explanation be the cause of what I'm seeing here? And would
> > the modification to the rule make sense?
>
> Yes.
>
> > $fwcmd add deny all from any to 192.168.0.0:255.255.0.0 via ${oif} out
>
> As long as that comes before the natd divert, it will keep any packets
> resulting from the crack attempt from going back. Most DOS attacks don't
> need to get their replies back, however. It's better than nothing,
> though.

For what it's worth, I moved the modified rule to be above the divert. It seems to work fine. As it did before, but as you say, better than nothing. Cheers.

> > It will deny all outgoing packets but allow incoming packets, which are
> > what natd is effectively doing. If I read /etc/rc.firewall correctly,
> > there are other default rules higher up in the list which will prevent
> > incoming packets pretending to be from 192.168.0.0/24. For example:
>
> The problem is, under -stable, when a packet going back into a
> masqueraded connection goes into natd, it comes back out starting all over
> at the first rule, and the firewall rules have no way of knowing that the
> packet didn't really come from the outside world.

This may be enough to push us onto -current. Will the fix be included with 2.2.8?

Thanks. Your help has been appreciated.

--
Dan Langille
DVL Software Limited
The FreeBSD Diary - my [mis]adventures
http://www.FreeBSDDiary.com
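The ordering problem Eric describes (a natd-diverted packet re-entering the ruleset at rule 1, with no field the rules can inspect to tell it apart from a packet that really arrived from outside) is easy to reason about with a toy first-match filter. The model below is an added illustration, not code from this thread or from FreeBSD; the interface name `ed0`, the addresses, the single static natd mapping, and the rule that a packet is only translated once are all assumptions made for the demo. It replays two cases: the thread's `deny ... to 192.168.0.0/16 via oif out` rule placed before and after the divert, and an inbound reply to a masqueraded connection under the "restart at rule 1" (-stable) and "continue after the divert" (fixed) behaviours.

```python
# Added example, not from the thread: a toy first-match packet filter that
# models how ipfw rule ordering interacts with a natd divert.  Interface name,
# addresses and the natd mapping below are assumed/constructed for illustration.
from dataclasses import dataclass, replace as with_fields
from ipaddress import ip_address, ip_network

PRIVATE = ip_network("192.168.0.0/16")   # the private range the thread's rule protects
OIF = "ed0"                              # assumed outside interface name (${oif})
PUBLIC = ip_address("203.0.113.10")      # assumed public address natd masquerades as
INSIDE = ip_address("192.168.1.5")       # assumed inside host behind natd


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    iface: str
    direction: str            # "in" or "out"
    translated: bool = False  # set by natd; rule predicates never read it


def natd(pkt):
    """Stand-in for natd with one static mapping INSIDE <-> PUBLIC (simplification)."""
    if pkt.direction == "out" and ip_address(pkt.src) in PRIVATE:
        return with_fields(pkt, src=str(PUBLIC), translated=True)
    if pkt.direction == "in" and ip_address(pkt.dst) == PUBLIC:
        return with_fields(pkt, dst=str(INSIDE), translated=True)
    return with_fields(pkt, translated=True)


# Rule predicates see only header fields, like real ipfw rules.
def deny_to_private_out(p):
    return p.direction == "out" and p.iface == OIF and ip_address(p.dst) in PRIVATE


def deny_to_private_in(p):
    return p.direction == "in" and p.iface == OIF and ip_address(p.dst) in PRIVATE


def on_oif(p):
    return p.iface == OIF


def everything(p):
    return True


def evaluate(rules, pkt, reinject="first"):
    """First-match walk over (action, predicate) rules.

    A matching divert hands the packet to natd and re-enters either at rule 1
    (reinject="first", the -stable behaviour described in the thread) or at the
    rule after the divert (reinject="after", the fix).  Returns (verdict, trace),
    where trace lists the 1-based rule numbers that fired.
    """
    trace = []
    i = 0
    while i < len(rules):
        action, pred = rules[i]
        if pred(pkt):
            if action == "divert":
                if pkt.translated:          # already through natd: skip (simplification)
                    i += 1
                    continue
                trace.append((i + 1, action))
                pkt = natd(pkt)
                i = 0 if reinject == "first" else i + 1
                continue
            trace.append((i + 1, action))
            return action, trace
        i += 1
    return "deny", trace                    # closing default deny


def outbound_rules(deny_first):
    deny = ("deny", deny_to_private_out)    # the thread's modified rule
    divert = ("divert", on_oif)             # the natd divert
    body = [deny, divert] if deny_first else [divert, deny]
    return body + [("allow", everything)]


def inbound_rules():
    # An anti-spoof style rule above the divert, then divert, then allow.
    return [("deny", deny_to_private_in), ("divert", on_oif), ("allow", everything)]


def demo():
    # Outbound packet to a private address leaving on the outside interface.
    out = Packet("192.168.1.5", "192.168.7.7", OIF, "out")
    # Constructed reply from the internet to a masqueraded connection.
    reply = Packet("198.51.100.7", str(PUBLIC), OIF, "in")
    return {
        "deny_before_divert": evaluate(outbound_rules(True), out),
        "deny_after_divert": evaluate(outbound_rules(False), out),
        "stable_reply": evaluate(inbound_rules(), reply, reinject="first"),
        "fixed_reply": evaluate(inbound_rules(), reply, reinject="after"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the deny rule above the divert the outbound packet is dropped at rule 1 and natd never sees it; below the divert it is still dropped, but only after translation, which is why Dan sees no change in behaviour. The inbound case shows the actual -stable problem: the legitimate reply is translated to `192.168.1.5`, restarts at rule 1, and is eaten by the "deny to private in via oif" rule, whereas continuing after the divert lets it through.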