Date: Mon, 4 Feb 2002 08:37:58 -0600 From: "Jacques A. Vidrine" <n@nectar.cc> To: Mike Tancsa <mike@sentex.net> Cc: Ruslan Ermilov <ru@FreeBSD.ORG>, stable@FreeBSD.ORG, Warner Losh <imp@FreeBSD.ORG> Subject: Re: dropping 127.* on the floor Message-ID: <20020204143758.GA28243@madman.nectar.cc> In-Reply-To: <5.1.0.14.0.20020204092437.050e66e0@marble.sentex.ca> References: <20020204152519.B58535@sunbay.com> <3C5DE578.4020409@gmx.net> <20020203152433.A5932-100000@voyager.straynet.com> <3C5DE578.4020409@gmx.net> <5.1.0.14.0.20020204080228.022ab9c0@192.168.0.12> <20020204152519.B58535@sunbay.com> <5.1.0.14.0.20020204092437.050e66e0@marble.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Feb 04, 2002 at 09:29:08AM -0500, Mike Tancsa wrote: > At 08:12 AM 2/4/02 -0600, Jacques A. Vidrine wrote: > > >See the Bugtraq archives for the thread starting with Message-ID: > ><3AA3ECAB.EA826D28@thebunker.net>, subject ``Loopback and multi-homed > >routing flaw in TCP/IP stack.'' for the reasons behind this change. > >The following URL might work. > > > ><URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=3AA3ECAB.EA826D28@thebunker.net>; > > What if this were dealt as part of firewall rules ? i.e. GENERIC was built > by default with IPFIREWALL and firewall_enable="YES" and > firewall_type="OPEN" were set. That way the behavior that people have come > to rely on is still there for those that need it. > > I have not tested this yet with my production transparent proxies but I > will try so later today to see if the behavior is broken as a number of > people have reported. We are talking about two different things: ip_input.c and ip_output.c. The recent change to ip_output.c is what might break your transparent proxy. Above I am talking about the year-old change to ip_input.c. Cheers, -- Jacques A. Vidrine <n@nectar.cc> http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020204143758.GA28243>