Date: Mon, 01 Jul 1996 08:35:46 -0500
From: Alex Nash <alex@fa.tdktca.com>
To: Alexander Kolbasov <akolb@stins.msk.su>
Cc: current@freefall.freebsd.org
Subject: Re: IPFW bugs?
Message-ID: <31D7D432.3D8895FF@fa.tdktca.com>
References: <199606281933.MAA23688@freefall.freebsd.org> <199607011230.QAA21491@piglet.stins.msk.su>

Alexander Kolbasov wrote:
> This rule actually means that anyone with root privileges on his local host
> can access any port on your local net. The rule
>
>     ipfw add pass all from any 123 to any via $1
>
> is thus equivalent to
>
>     ipfw add pass all from any to any via $1
>
> and in fact it makes the firewall absolutely open. You should not trust any
> remote information, including port number!

ipfw in -current (rev 1.28) and -stable (rev 1.15.4.7) has been changed to
reject a combination of the "all" protocol and a port number.

Alex
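
Added example (not part of the original message and not ipfw's own code): a small Python linter that flags the two conditions discussed above, a port number combined with the "all" protocol, and an allow rule whose only port constraint is the sender-chosen source port. The function names, finding labels, the interface name ed0 and the sample addresses are assumptions, and only a simplified subset of the rule grammar is parsed.

```python
# Added example: lint ipfw rules for the two problems discussed in this thread.
# Handles only the simplified form
#   [ipfw] add [num] action proto from src [ports] to dst [ports] [options]
ALLOW = {"pass", "allow", "accept", "permit"}
ANY_PROTO = {"all", "ip"}   # "ip" is a synonym for "all" in ipfw(8)
# Option keywords that end the destination port list (subset of ipfw's options).
OPTIONS = {"via", "in", "out", "recv", "xmit", "setup", "established", "frag"}


def parse_rule(line):
    tok = line.split()
    if tok[:1] == ["ipfw"]:
        tok = tok[1:]
    if tok[:1] == ["add"]:
        tok = tok[1:]
    if tok and tok[0].isdigit():          # optional rule number
        tok = tok[1:]
    if "from" not in tok or "to" not in tok or tok.index("from") != 2:
        raise ValueError(f"unsupported rule: {line!r}")
    t = tok.index("to")
    src = tok[3:t]                        # address, then optional ports
    dst = []
    for word in tok[t + 1:]:
        if word in OPTIONS:
            break
        dst.append(word)
    if not src or not dst:
        raise ValueError(f"missing address in rule: {line!r}")
    return {"action": tok[0], "proto": tok[1], "src": src[0], "sport": src[1:],
            "dst": dst[0], "dport": dst[1:]}


def lint(line):
    r = parse_rule(line)
    findings = []
    # Ports have no meaning for "all"; newer ipfw rejects this combination.
    if r["proto"] in ANY_PROTO and (r["sport"] or r["dport"]):
        findings.append("all-with-port")
    # The remote sender picks the source port, so it restricts nothing.
    if r["action"] in ALLOW and r["sport"] and not r["dport"]:
        findings.append("trusts-source-port")
    return findings


if __name__ == "__main__":
    for rule in ("ipfw add pass all from any 123 to any via $1",      # from the thread
                 "ipfw add pass udp from any to 192.0.2.10 123 via ed0"):  # constructed
        print(rule, "->", lint(rule) or "ok")
```
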