Date: Thu, 3 Apr 2003 23:53:27 +0200 From: jeremie le-hen <le-hen_j@epita.fr> To: ipfw@freebsd.org Subject: Implementing ranges in ipfw2 Message-ID: <20030403215327.GJ7538@annelo.epita.fr>
next in thread | raw e-mail | index | archive | help
Hi, I going to implement ranges for IPLEN using the same way as for transport layer ports (struct _ipfw_insn_u16). But I'm wondering if this kind of test should be only applied on first/only fragments, since a malicious application could use small fragment in order to bypass firewall rules. I'm waiting for your comments. -- Jeremie aka TtZ le-hen_j@epita.fr
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030403215327.GJ7538>