Message-Id: <199803262325.RAA08454@nash.pr.mcs.net>
Date: Thu, 26 Mar 1998 17:25:36 -0600 (CST)
From: Alex Nash
Subject: ipfw patch in 2.2.6 (was Re: FreeBSD Security Advisory: FreeBSD-SA-98:02.mmap)
To: freebsd-security@FreeBSD.ORG

[ For some reason I seem to have fallen off the security mailing list,
  but luckily someone forwarded this to me. Apologies if I've missed
  any subsequent discussion about this... ]

Jt wrote:
> Why was the patch Alex Nash added to ip_fw.c not added to the new
> release? This is a needed option in ipfw.

As I explained to Jt earlier today, this patch was generated close
enough to the 2.2.6 release that I did not feel comfortable bringing
it in until after 2.2.6 was released. I will be merging this into
-stable shortly.

I would like to point out that this is NOT a security hole of any
kind, but merely a missing feature in the previous implementation.
The patch allows firewalls to send back ICMP unreachable requests in
response to ICMP query messages.

Alex