Date: Thu, 20 Jan 2000 20:52:24 -0700 From: Brett Glass <brett@lariat.org> To: Gene Harris <zeus@tetronsoftware.com> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit? Message-ID: <4.2.2.20000120205108.019a6e50@localhost> In-Reply-To: <Pine.BSF.4.10.10001202147250.7833-100000@tetron02.tetronso ftware.com> References: <4.2.2.20000120194320.019e0220@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
At 08:52 PM 1/20/2000 , Gene Harris wrote: > > > > > >pass in all > > >block in proto tcp all head 100 > > >pass in proto tcp from any to any flags S keep state group 100 > > > > Fantastic! Forwarded to Bugtraq. > > > > --Brett > > > >I guess this is good. But the thoughts of translating 350 >plus rules from ipfw to ipfilter are not too appealing. The problem is that ipfw doesn't have "keep state." I understand that the IPFilter page at http://cheops.anu.edu.au/~avalon/ has a link to a "rule compiler" that lets you recompile rules for different firewalls. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000120205108.019a6e50>