From owner-freebsd-security@FreeBSD.ORG Wed Feb 25 18:02:43 2015 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A24D4F3E for ; Wed, 25 Feb 2015 18:02:43 +0000 (UTC) Received: from as1.azsupport.com (azsupport.com [74.52.186.194]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "azsupport.com", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 862A0DD7 for ; Wed, 25 Feb 2015 18:02:43 +0000 (UTC) Date: Wed, 25 Feb 2015 18:56:01 +0100 From: Andrei To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:04.igmp (fwd) - ipfw fix? Message-ID: <20150225185601.004af9ec@azsupport.com> In-Reply-To: <1BE461E0-D2AC-4222-8D41-B7F97E83FD74@FreeBSD.org> References: <1BE461E0-D2AC-4222-8D41-B7F97E83FD74@FreeBSD.org> Organization: azsupport.com X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.25; amd64-portbld-freebsd11.0) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2015 18:02:43 -0000 On Wed, 25 Feb 2015 18:21:58 +0100 Remko Lodder wrote: > > This suggests that you can filter the traffic: > > Block incoming IGMP packets by protecting your host/networks with a > firewall. (Quote from the SA). > > Br, > Remko > Looks like Captain Obvious here. The question was how exactly to do it? Kind regards, Andrei.