From: jeremie le-hen
To: ipfw@freebsd.org
Date: Thu, 3 Apr 2003 23:53:27 +0200
Subject: Implementing ranges in ipfw2
Message-ID: <20030403215327.GJ7538@annelo.epita.fr>

Hi,

I'm going to implement ranges for IPLEN in the same way as for transport
layer ports (struct _ipfw_insn_u16). But I'm wondering if this kind of
test should only be applied on first/only fragments, since a malicious
application could use small fragments in order to bypass firewall rules.

I'm waiting for your comments.

-- 
Jeremie aka TtZ
le-hen_j@epita.fr
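The question above, modelled as an added example (not code from the post or from ipfw2): an inclusive-range test on the IPv4 total length, evaluated either on every packet or only on first/only fragments, run over a constructed datagram sent whole and fragmented. The `pkt` and `range` structs and both function names are hypothetical stand-ins, not the kernel's types.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FRAG_OFFMASK 0x1fff            /* fragment offset, in 8-byte units */
#define FRAG_MF      0x2000            /* more-fragments flag */

/* Hypothetical stand-in for the parsed IPv4 header fields (host byte order). */
struct pkt { uint16_t ip_len, ip_off; };
/* Hypothetical inclusive [lo, hi] pair, the same shape as a port range. */
struct range { uint16_t lo, hi; };

/* 1 if p's own total length falls in any range; with first_only set,
 * packets with a non-zero fragment offset are never tested. */
int iplen_match(const struct pkt *p, const struct range *r, size_t nr, int first_only)
{
    if (first_only && (p->ip_off & FRAG_OFFMASK) != 0)
        return 0;
    for (size_t i = 0; i < nr; i++)
        if (p->ip_len >= r[i].lo && p->ip_len <= r[i].hi)
            return 1;
    return 0;
}

/* Number of packets in a train that the rule matches. */
size_t count_matches(const struct pkt *p, size_t np, const struct range *r, size_t nr, int first_only)
{
    size_t hits = 0;
    for (size_t i = 0; i < np; i++)
        hits += (size_t)iplen_match(&p[i], r, nr, first_only);
    return hits;
}

/* Constructed sample: one 1400-byte datagram (20-byte header + 1380 payload),
 * sent whole and as three fragments carrying 552 + 552 + 276 payload bytes. */
const struct pkt whole[] = { { 1400, 0 } };
const struct pkt frags[] = { { 572, FRAG_MF }, { 572, FRAG_MF | 69 }, { 296, 138 } };
const struct range r_big[]   = { { 1000, 1500 } };  /* "iplen 1000-1500" */
const struct range r_small[] = { { 500, 600 } };    /* "iplen 500-600"   */

int main(void)
{
    printf("whole/big: %zu\n", count_matches(whole, 1, r_big, 1, 0));
    printf("frags/big per-packet: %zu, first-only: %zu\n",
           count_matches(frags, 3, r_big, 1, 0), count_matches(frags, 3, r_big, 1, 1));
    printf("frags/small per-packet: %zu, first-only: %zu\n",
           count_matches(frags, 3, r_small, 1, 0), count_matches(frags, 3, r_small, 1, 1));
    return 0;
}
```

In both modes the rule sees each fragment's own total length, never the length of the reassembled datagram; matching on that requires reassembly before the rule is evaluated.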