From owner-freebsd-bugs Tue May 9 23:40: 4 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP id F151537B8B4
	for ; Tue, 9 May 2000 23:40:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id XAA06152;
	Tue, 9 May 2000 23:40:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Date: Tue, 9 May 2000 23:40:01 -0700 (PDT)
Message-Id: <200005100640.XAA06152@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc:
From: Charles Mott
Subject: Re: bin/18354: NATD diverts DMZ packets to firewall host
Reply-To: Charles Mott
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/18354; it has been noted by GNATS.

From: Charles Mott
To: Brian Somers
Cc: goran.lowkrantz@infologigruppen.se, freebsd-gnats-submit@FreeBSD.org, Ruslan Ermilov, Eivind Eklund, Ari Suutari
Subject: Re: bin/18354: NATD diverts DMZ packets to firewall host
Date: Wed, 10 May 2000 00:38:36 -0600 (MDT)

> We decided to ask about the original intentions and decide what to do
> based on the outcome, but haven't received a reply from Charles (cc'd
> as a gentle poke) yet.

The original intention was that libalias would be cognizant of certain
protocols (tcp, udp, icmp to start out with) and not alter or drop any
other protocols. My opinion at the time was that ipfw rules should deal
with other protocols.

However, it appears that libalias is being generalized to handle
arbitrary protocols, and my original thinking may no longer be
appropriate.

My suggestion is that incoming packets for arbitrary protocols (and not
associated with any static redirect rules or dynamic associations) be
dropped if the PKT_ALIAS_DENY_INCOMING bit is set.

Charles Mott
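
The drop rule suggested in the message above, as an added example that is not part of the original e-mail and is not libalias code. It is a self-contained C model: only the flag name PKT_ALIAS_DENY_INCOMING comes from the message, while the verdict names, the table layout, the "peer 0 means any peer" convention and the sample entries are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Flag name is from the message; the value is local to this model. */
#define PKT_ALIAS_DENY_INCOMING 0x02u

enum verdict { V_ALIAS, V_PASS_UNMODIFIED, V_DROP };

/* Hypothetical table entry: IP protocol number and remote peer (0 = any peer). */
struct assoc { uint8_t proto; uint32_t peer; };

/* Constructed sample tables: GRE (47) redirected for any peer, ESP (50) with one peer. */
const struct assoc sample_redirects[] = { { 47, 0 } };
const struct assoc sample_dynamic[] = { { 50, 0xC0000201u } };

static int has_assoc(const struct assoc *t, size_t n, uint8_t proto, uint32_t peer)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].proto == proto && (t[i].peer == 0 || t[i].peer == peer))
            return 1;
    return 0;
}

/* Verdict for one incoming packet under the rule proposed in the message. */
enum verdict incoming_verdict(unsigned mode, uint8_t proto, uint32_t peer,
                              const struct assoc *redirects, size_t n_redirects,
                              const struct assoc *dynamic, size_t n_dynamic)
{
    /* TCP, UDP and ICMP go to their own handlers, which are outside this model. */
    if (proto == 6 || proto == 17 || proto == 1)
        return V_ALIAS;
    /* Arbitrary protocol claimed by a static redirect or a dynamic association. */
    if (has_assoc(redirects, n_redirects, proto, peer) ||
        has_assoc(dynamic, n_dynamic, proto, peer))
        return V_ALIAS;
    /* Unclaimed arbitrary protocol: dropped only when the deny-incoming bit is set. */
    if (mode & PKT_ALIAS_DENY_INCOMING)
        return V_DROP;
    return V_PASS_UNMODIFIED;
}

int main(void)
{
    /* OSPF (89) from an unknown peer with the bit set: exit status 0 means dropped. */
    return incoming_verdict(PKT_ALIAS_DENY_INCOMING, 89, 0xC0000205u,
                            sample_redirects, 1, sample_dynamic, 1) == V_DROP ? 0 : 1;
}
```

With the bit clear, the same unclaimed packet gets `V_PASS_UNMODIFIED`, which corresponds to the original intention described in the message of leaving unknown protocols to ipfw rules.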