From owner-freebsd-security Wed Jan 26 11:33:35 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 480CE14CFA for ; Wed, 26 Jan 2000 11:33:33 -0800 (PST) (envelope-from brett@lariat.org) Received: from mustang (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id MAA25118; Wed, 26 Jan 2000 12:31:38 -0700 (MST) Message-Id: <4.2.2.20000126103426.03d34520@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Wed, 26 Jan 2000 10:35:47 -0700 To: "Rodney W. Grimes" , Don.Lewis@tsc.tdk.com (Don Lewis) From: Brett Glass Subject: Re: Merged patches Cc: dillon@apollo.backplane.com (Matthew Dillon), imp@village.org (Warner Losh), security@FreeBSD.ORG In-Reply-To: <200001261114.DAA74269@gndrsh.dnsmgr.net> References: <200001260011.QAA28012@salsa.gv.tsc.tdk.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 04:14 AM 1/26/2000 , Rodney W. Grimes wrote: >The short and simple answer: >ipfw add deny ip from 240.0.0.0/4 to any > >The longer answer: >Manning is not very clear on Class E space, Technically 255.255.255.255 >is a class E address, and is part of ``a range left unspecified''. Putting >your patch above in would be ``specifing'' a behavior. But yet Manning >later says: > > Note: No addresses are allowed with the four highest-order bits > set to 1-1-1-1. These addresses, called "classE", are reserved. > >Reserved means we should not be putting in hard code that effects how >they behave, IMNSO. > >Your going to have to do the short and simple answer covers to cover >the other parts of this space anyway, so you might as well only do it >one place and not create what may be a headache for someone else. How about making it a sysctl/rc.conf variable? --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message