From owner-freebsd-security  Tue Jul 25 12:51:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: from snafu.adept.org (adsl-63-201-63-44.dsl.snfc21.pacbell.net [63.201.63.44])
	by hub.freebsd.org (Postfix) with ESMTP id D073F37B6C7
	for <freebsd-security@FreeBSD.ORG>; Tue, 25 Jul 2000 12:51:09 -0700 (PDT)
	(envelope-from mike@adept.org)
Received: by snafu.adept.org (Postfix, from userid 1000)
	id B4F839EE01; Tue, 25 Jul 2000 12:50:46 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by snafu.adept.org (Postfix) with ESMTP
	id AC9909B001; Tue, 25 Jul 2000 12:50:46 -0700 (PDT)
Date: Tue, 25 Jul 2000 12:50:46 -0700 (PDT)
From: Mike Hoskins <mike@adept.org>
To: Stephen Montgomery-Smith <stephen@math.missouri.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Problems with natd and simple firewall
In-Reply-To: <397D4A06.9CFAF1FA@math.missouri.edu>
Message-ID: <Pine.BSF.4.21.0007251250050.27676-100000@snafu.adept.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 25 Jul 2000, Stephen Montgomery-Smith wrote:

> We could add another option to natd that would disallow 
> any outgoing packets sent to an unregistered ip address,
> and disallow any incoming packets from or to an unregistered
> ip address.  Call it -antispoof.

If it makes it easier for everyone (and I don't see how it wouldn't), I'll
cast my vote for -antispoof.

-mrh



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message