Date: Tue, 11 Jun 1996 02:18:59 -0600 (MDT)
From: Greg Skafte <skafte@worldgate.com>
To: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org, freebsd-questions@worldgate.com
Subject: IP Firewall gotchas
Message-ID: <199606110819.CAA00736@gras-varg.worldgate.com>

After much experimenting I have noticed that the current version of ip_fw.c etc. in FreeBSD _stable_ does not have any provisions for IGMP or IP multicast. So I have had to open the firewall a little wider than I would like to accommodate this scenario.

I was experimenting with gated 3.5beta3 to talk to our OSPF routers and noticed that, depending on the rules I selected, there were no OSPF transfers. After a few tcpdumps and careful placement of packet accounting I found that the total in and out packets did not exactly match the various rule sets. Guess why: OSPF uses multicast and IGMP packets.

Has anyone hacked ip_fw.[c,h] and ipfw to allow for more _modern_ IP support, or is this stuff hiding in _current_? Would people be interested in hacking ip_fw.[c,h] to assist in these higher-order IP functions?

I don't normally read the mailing lists, so write directly to me and I will mail a summary to the appropriate lists.

--
Internet: skafte@worldgate.com
Voice: +403 428 0150

When things can't get any worse, they simplify themselves by getting a whole lot worse then complicated. A complete and utter disaster is the simplest thing in the world; it's preventing one that's complex. (janet morris)