From owner-freebsd-security Sun Oct 3 10:16:25 1999 Delivered-To: freebsd-security@freebsd.org Received: from pinochet.cityline.ru (pinochet.cityline.ru [195.46.160.34]) by hub.freebsd.org (Postfix) with ESMTP id D3C1E14EB0 for ; Sun, 3 Oct 1999 10:16:12 -0700 (PDT) (envelope-from ratebor@cityline.ru) Received: from 68.165.26.dn.dialup.cityline.ru (68.165.26.dn.dialup.cityline.ru [195.46.165.68]) by pinochet.cityline.ru (8.9.2/t/08-Oct-1998) with ESMTP id VAA21519 for ; Sun, 3 Oct 1999 21:13:15 +0400 (MSD) Date: Sun, 3 Oct 1999 21:11:00 +0300 From: Dmitriy Bokiy X-Mailer: The Bat! (v1.34a) UNREG / CD5BF9353B3B7091 Reply-To: Dmitriy Bokiy Organization: IPCP X-Priority: 3 (Normal) Message-ID: <18882.991003@cityline.ru> To: FreeBSD Security ML Subject: natd -deny_incoming Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Just to be completely sure. Is it correct that if I don`t run natd with "-deny_incoming" option turned on it`s going to accept external connections to RFC addresses which at the moment have an entry in NATd`s internal translation table? If that`s so is there some ground under it or is it just a "feature"? In other words: why do we need this option at all if "deny incoming to RFCs" could be default behavior? Or do I miss anything? Thanks, -Dmitriy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message