From owner-freebsd-security  Wed Feb 14 14:19: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from linux.intcon.net (linux.intcon.net [206.230.48.2])
	by hub.freebsd.org (Postfix) with ESMTP id 8E6B237B4EC
	for <freebsd-security@freebsd.org>; Wed, 14 Feb 2001 14:18:55 -0800 (PST)
Received: from geoenergycorp.com (ip1.geoenergycorp.com [206.230.53.65])
	by linux.intcon.net (8.11.0/8.11.0) with ESMTP id f1EMInj05600;
	Wed, 14 Feb 2001 16:18:50 -0600
Received: from hercules.geoenergycorp.com (hercules.geoenergycorp.com [149.180.115.18])
	by geoenergycorp.com (8.9.3/8.9.3) with ESMTP id QAA41199;
	Wed, 14 Feb 2001 16:18:45 -0600 (CST)
	(envelope-from steve@geoenergycorp.com)
Received: (from steve@localhost)
	by hercules.geoenergycorp.com (8.9.3+Sun/8.9.3) id QAA14724;
	Wed, 14 Feb 2001 16:18:44 -0600 (CST)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14987.1092.683632.479952@hercules.geoenergycorp.com>
Date: Wed, 14 Feb 2001 16:18:44 -0600 (CST)
To: Stefan <roijers@iae.nl>
From: steve@megahack.com
Subject: Abnormal behaviour of "established" rule with ipfw?
In-Reply-To: <97157568@toto.iv>
X-Mailer: VM 6.75 under 21.1 (patch 10) "Capitol Reef" XEmacs Lucid
Cc: freebsd-security@freebsd.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>>>>> "Stefan" == Stefan  <roijers@iae.nl> writes:

    Stefan> Abnormal behaviour of "established" rule with ipfw?
    Stefan> Theoretically, I think, the following firewall rules for
    Stefan> ipfw would never allow any tcp connection simply because a
    Stefan> connection can not be setup:

If you cvsup'ed between Feb 1 and Feb 2, your ipfw is badly broken:

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=5604+0+archive/2001/freebsd-security-notifications/20010211.freebsd-security-notifications

Steve


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message