From: Steve Reid
To: Gerhard Sittig
Cc: freebsd-security@FreeBSD.ORG
Date: Wed, 15 Nov 2000 12:55:04 -0800
Subject: Re: PPP NAT Gateway security
Message-ID: <20001115125504.Q3759@grok>
In-Reply-To: <20001115192259.Q27042@speedy.gsinet>

On Wed, Nov 15, 2000 at 07:22:59PM +0100, Gerhard Sittig wrote:
> ipf already has a feature like ppp's MYADDR -- specify 0.0.0.0/32
> as the IP and issue "ipf -y" when interface configuration changes

I can't get this to work with stock ipf in 4.1-R (ipf v3.4.8). Nothing gets
through. Is 0.0.0.0/32 a recent addition, or is it or the operator just
broken in 4.1-R?

> And BTW: You do bind your rules to interfaces ("... on $IF")
> already, don't you?

Of course.

> If it's just for variable substitution or conditional
> "compilation", you might find my patch described in
> http://www.freebsd.org/cgi/query-pr.cgi?pr=21989 of interest.

I thought I saw that mentioned somewhere. I haven't bothered upgrading ipf
though, as all the preprocessing I need can be done in a few lines of shell
script.
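Shell preprocessing of ipf rules for a dynamic PPP address, as discussed in the message above, could look like this; it is an added example, not the poster's script or part of the original thread. The `@IF@` and `@MYADDR@` tokens, the function names, the sample rules and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: render an ipf ruleset for a dynamically assigned address.
# Token names, function names and the sample rules are assumptions.

# Extract the first IPv4 address from `ifconfig <if>` output on stdin.
first_inet() { awk '$1 == "inet" { print $2; exit }'; }

# Accept only a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the ruleset for interface $1 holding address $2. Print nothing and
# fail if either value is unsafe to substitute or the link has no address.
render_rules() {
    iface=$1; addr=$2
    case "$iface" in ''|*[!a-z0-9]*) return 1 ;; esac
    valid_ipv4 "$addr" || return 1
    [ "$addr" != 0.0.0.0 ] || return 1
    sed -e "s/@IF@/$iface/g" -e "s/@MYADDR@/$addr/g" <<'EOF'
block in on @IF@ all
block in quick on @IF@ from @MYADDR@/32 to any
pass in quick on @IF@ proto tcp from any to @MYADDR@/32 port = 22 flags S keep state
pass out quick on @IF@ from @MYADDR@/32 to any keep state
EOF
}

# Constructed `ifconfig tun0` output using a documentation address.
sample=$(printf 'tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500\n\tinet 192.0.2.10 --> 192.0.2.1 netmask 0xffffff00\n')
render_rules tun0 "$(printf '%s\n' "$sample" | first_inet)"

# Assumed live use on the gateway (not run here): load the new rules only
# when rendering succeeded, so a failed render leaves the old rules in place.
#   rules=$(render_rules tun0 "$(ifconfig tun0 | first_inet)") &&
#       printf '%s\n' "$rules" | ipf -Fa -f -
```

Validating the address before substitution matters because the value comes from parsed command output; an empty or malformed result would otherwise produce rules that ipf rejects or that match nothing.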