From: "O. Hartmann"
To: FreeBSD CURRENT, freebsd-security@freebsd.org
Date: Thu, 29 Sep 2016 14:47:55 +0200
Subject: IPFW on CURRENT: NAT forwarding exposes internal IP!
Message-ID: <20160929144755.2e4f7800.ohartman@zedat.fu-berlin.de>
Organization: FU Berlin

Despite other problems with IPFW and its documentation regarding NAT, I face a serious
and disturbing problem.

I run a NanoBSD based router/firewall project of my own, running CURRENT (FreeBSD
12.0-CURRENT #1 r306333: Mon Sep 26 08:36:02 CEST 2016). IPFW is the filter of my choice,
since it is FreeBSD's native. I also use In-kernel-NAT as well as pppoed/ppp. The modem
is connected to a dedicated NIC, the pppoe-traffic is transported via tun0 - I think this
is the usual stuff.

The IPFW has this NAT rule:

${fwcmd}        nat 1 config if ${if_isp0} \
                        log \
                        reset \
                        same_ports \
                        redirect_port tcp ${server_gate}:22 22 \
                        redirect_port tcp ${server_www}:80 80 \
                        redirect_port tcp ${server_www}:443 443 \
                        redirect_port tcp ${server_refdb}:9734 9734

server_www is assigned to a non-official IP, 192.168.10.10.

if_isp=tun0, tun0's IP is given by the provider, I use net/ddclient as the updater for a
dynamic DNS account.

I use an internal DNS server, which resolves 92.168.10.10 to a certain name. I also use
self signed SSL certificates, just for completeness of this information.

Connecting from the outside world to my dynDNS domain triggers Firefox or any other
browser to complain about the self signed SSL certificate - as usual, but then, adding
it, suddenly the domain name (say: www.blabla.org) is replaced by the internal IP I
delegate any access on ports 80 and 443 to.

What happens here? I consider this a bug, I never saw this on our Linux servers running a
similar setup (forwarding, BIND 9.10/BIND 9.11).

Thanks,

Oliver