From owner-freebsd-stable Thu Jan 20 21:40:25 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2])
	by hub.freebsd.org (Postfix) with ESMTP id C36FB15442
	for ; Thu, 20 Jan 2000 21:40:00 -0800 (PST)
	(envelope-from brett@lariat.org)
Received: from workhorse (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2])
	by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id UAA13936;
	Thu, 20 Jan 2000 20:52:23 -0700 (MST)
Message-Id: <4.2.2.20000120205108.019a6e50@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Thu, 20 Jan 2000 20:52:24 -0700
To: Gene Harris
From: Brett Glass
Subject: Re: bugtraq posts: stream.c - new FreeBSD exploit?
Cc: freebsd-stable@FreeBSD.ORG
In-Reply-To:
References: <4.2.2.20000120194320.019e0220@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 08:52 PM 1/20/2000 , Gene Harris wrote:

> > >
> > >pass in all
> > >block in proto tcp all head 100
> > >pass in proto tcp from any to any flags S keep state group 100
> >
> > Fantastic! Forwarded to Bugtraq.
> >
> > --Brett
> >
>
>I guess this is good. But the thoughts of translating 350
>plus rules from ipfw to ipfilter are not too appealing.

The problem is that ipfw doesn't have "keep state." I understand that
the IPFilter page at http://cheops.anu.edu.au/~avalon/ has a link to a
"rule compiler" that lets you recompile rules for different firewalls.

--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
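
The following is an added example, not part of the original message and not IPFilter code: a simplified Python model of how the three quoted rules decide on inbound packets, showing why "keep state" matters. It assumes ipf's last-match-wins evaluation, a state lookup before the rule list, and "flags S" meaning SYN alone; the class, packet fields, and sample traffic are constructed, and real state tracking (sequence windows, reply direction, timeouts) is left out.

```python
from collections import namedtuple

# Constructed packet model: only the fields the three quoted rules look at.
Packet = namedtuple("Packet", "proto src sport dst dport flags")

ALL_FLAGS = set("FSRPAU")  # assumed default mask when "flags S" has no "/mask"


class QuotedRuleset:
    """Simplified model of the three quoted IPFilter rules (inbound only)."""

    def __init__(self):
        self.state = set()  # connections admitted by "keep state"

    @staticmethod
    def _key(pkt):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport)

    def check_in(self, pkt):
        # The state table is consulted before the rule list.
        if pkt.proto == "tcp" and self._key(pkt) in self.state:
            return "pass"
        verdict = "pass"                      # pass in all
        if pkt.proto == "tcp":
            verdict = "block"                 # block in proto tcp all head 100
            # group 100: pass in proto tcp from any to any flags S keep state
            if set(pkt.flags) & ALL_FLAGS == {"S"}:
                self.state.add(self._key(pkt))
                verdict = "pass"
        return verdict


def run_sample():
    fw = QuotedRuleset()
    sample = [  # constructed traffic using documentation addresses
        Packet("udp", "192.0.2.10", 53, "198.51.100.1", 4000, ""),     # non-TCP
        Packet("tcp", "192.0.2.66", 1025, "198.51.100.1", 80, "A"),    # ACK, no state
        Packet("tcp", "192.0.2.20", 3000, "198.51.100.1", 80, "S"),    # new connection
        Packet("tcp", "192.0.2.20", 3000, "198.51.100.1", 80, "A"),    # same connection
        Packet("tcp", "192.0.2.20", 3000, "198.51.100.1", 80, "PA"),   # same connection
        Packet("tcp", "192.0.2.67", 1026, "198.51.100.1", 80, "SA"),   # SYN+ACK, no state
    ]
    return [fw.check_in(p) for p in sample]


if __name__ == "__main__":
    print(run_sample())
```

Without a state table, a filter can only judge each TCP segment by its own flags, which is the gap the message attributes to ipfw.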