Date: Sun, 15 Jul 2012 04:51:39 +1000 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Chris Rees <utisoft@gmail.com>
Cc: freebsd-ipfw@freebsd.org, freebsd-bugs@freebsd.org
Subject: Re: kern/165939: [ipw] security bug: incomplete firewall rules loaded if tables are used in ipfw.conf
Message-ID: <20120715042336.H74353@sola.nimnet.asn.au>
In-Reply-To: <CADLo83-C_6=AMHejePkCLnRfQWKFUwvM7as5vSnJDRMULKH4vw@mail.gmail.com>
References: <201207141614.q6EGEi7P024139@freefall.freebsd.org> <20120715025005.I74353@sola.nimnet.asn.au> <CADLo83-C_6=AMHejePkCLnRfQWKFUwvM7as5vSnJDRMULKH4vw@mail.gmail.com>

On Sat, 14 Jul 2012 18:59:54 +0100, Chris Rees wrote:
> On 14 Jul 2012 18:49, "Ian Smith" <smithi@nimnet.asn.au> wrote:
> >
> > On Sat, 14 Jul 2012, crees@freebsd.org wrote:
> > > http://www.freebsd.org/cgi/query-pr.cgi?pr=165939
[..]
> > Yes, to such a ruleset you'd need to add 'table all flush' too.
> >
> > ipfw flush specifically does not flush tables. I've long relied upon
> > that, using mostly static tables only reloaded from a file saved hourly
> > by cron, when $firewall_script finds tables are not loaded - ie at boot.
>
> Not A Bug then?

Not For Me at least, Chris. Maybe ipfw(8) isn't specific enough about flush? I can't speak for others, but don't think flushing all tables in rc.firewall useful when it's easy to include in your particular ruleset.

cheers, Ian
