Date: Fri, 26 Jan 2001 00:05:58 -0600 From: Bill Fumerola <billf@mu.org> To: Justin Stanford <jus@security.za.net> Cc: questions@freebsd.org, security@freebsd.org Subject: Re: ipfw security patch problem.. Message-ID: <20010126000558.I57121@elvis.mu.org> In-Reply-To: <Pine.BSF.4.21.0101260756090.397-100000@athena.za.net>; from jus@security.za.net on Fri, Jan 26, 2001 at 08:00:04AM %2B0200 References: <Pine.BSF.4.21.0101260756090.397-100000@athena.za.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 26, 2001 at 08:00:04AM +0200, Justin Stanford wrote:
> Hi,
>
> I upgraded my ipfw yesterday on my 4.0-STABLE system with the patch by
> following the instructions to the letter for the security bug discovered
> by Aragon Gouveia, and compile and install appeared to go seamlessly.
>
> However, ipfw now gives me this type of problem:
>
> [root@athena]~# ipfw add 5000 deny tcp from any to 196.30.167.200 515 via rl0
> 05000 deny tcp from any to 196.30.167.200 515 via rl0
> ip_fw_ctl: empty interface name
> ipfw: setsockopt(IP_FW_ADD): Invalid argument
> [root@athena]~#
You have to compile ipfw(8), compile a new kernel (or reload a new module),
and ipfw(8) needs to have /sys/netinet/ip_fw.h copied to /usr/include/netinet
unless you used buildworld(this needs to happen before recompiling ipfw).
--
Bill Fumerola - security yahoo / Yahoo! inc.
- fumerola@yahoo-inc.com / billf@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010126000558.I57121>