Date: Fri, 15 Dec 1995 13:34:54 +0100
From: Poul-Henning Kamp <phk@critter.tfs.com>
To: "Frank ten Wolde" <franky@pinewood.nl>
Cc: hackers@freebsd.org
Subject: Re: Order of rules in ip_fw chain
Message-ID: <6974.819030894@critter.tfs.com>
In-Reply-To: Your message of "Fri, 15 Dec 1995 13:02:16 +0100." <9512151302.ZM27077@pwood1.pinewood.nl>

> 1) I would suggest adding the following lines of code in
> .../sys/netinet/ip_fw.c, line 879:
>
> This would prevent any changes in the fw chain when running in
> very secure level.
yes.
> 2) I noticed that the order in which the fw checks incoming packets is
> *not* the same as the order in which the packet rules were added.
> IMHO this should be fixed. I have not had the time (yet) to have
> a look at the source myself, but will do so in the next few weeks.
yes.
> 3) I would suggest modifying ipfw.c to give some more informative
> message if the setsockopt call fails. Now it only lists something
> like "getsockopt failed", but it does not give you the reason.
> A simple perror("") would do the trick I suppose. I will try and
> have a look at the source code in the near future.
ok.
--
Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team.
http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox.
whois: [PHK] | phk@ref.tfs.com TRW Financial Systems, Inc.
Future will arrive by its own means, progress not so.
