Date: Tue, 23 Aug 2005 18:53:44 +0200
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Stephen Major <smajor@gmail.com>
Cc: freebsd-security@freebsd.org, remko@freebsd.org, 'Pat Maddox' <pergesu@gmail.com>, 'FreeBSD Questions' <freebsd-questions@freebsd.org>
Subject: RE: Security warning with sshd
Message-ID: <20050823185344.8wuabf44ys0cgw44@netchild.homeip.net>
In-Reply-To: <430b138a.7c0e796e.1155.547a@mx.gmail.com>
References: <430b138a.7c0e796e.1155.547a@mx.gmail.com>

Stephen Major <smajor@gmail.com> wrote:

> The issue he is having I had the exact same problems, as soon as I changed
> my config to the one below poof no more problems. You can set your firewall
> however you want. I was just saying what gets rid of the problem he is
> having with ssh.

I wasn't commenting on the ssh issue, since it isn't clear why the problem
exists. At least I haven't seen a problem analysis where the cause of this
was shown. Maybe I missed it. So your posting may be the right solution or
not. I don't know yet, and I don't care about this in this mail, since I
wasn't talking about the ssh issue (see below).

> So instead of ripping apart what I have said why do you not provide a better
> solution to the original question asked.

I wasn't ripping apart what you said. I just wanted to be helpful and share
a little bit of knowledge. You're mixing stateful with non-stateful rules
and this may result in unwanted packets traveling through the firewall. I
thought you (and maybe others) may be interested in this.

BTW.: in some environments this is a hole in the firewall and needs to be
fixed, so one shouldn't use this part of your example. Since the security
mailing list is in the CC, we can't let this problem be uncommented.

Another helpful suggestion: Please don't quote everything and please write
your comments below the parts where they belong. This is common behavior in
the FreeBSD lists and doing the opposite will result in less (useful)
responses from some members of the lists (because it makes the mail harder
to read and people may decide to not spend the time to read the mail and
point out problem solutions or small bugs in your offering of a solution).

Bye,
Alexander.

--
http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org     netchild @ FreeBSD.org  : PGP ID = 72077137
To add insult to injury.
		-- Phaedrus

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050823185344.8wuabf44ys0cgw44>