From: Alex Nash
Organization: TDK Factory Automation
Date: Mon, 01 Jul 1996 08:35:46 -0500
To: Alexander Kolbasov
CC: current@freefall.freebsd.org
Subject: Re: IPFW bugs?
Message-ID: <31D7D432.3D8895FF@fa.tdktca.com>
References: <199606281933.MAA23688@freefall.freebsd.org> <199607011230.QAA21491@piglet.stins.msk.su>

Alexander Kolbasov wrote:
> This rule actually means that anyone with root privileges on his local host
> can access any port on your local net. The rule
>
> ipfw add pass all from any 123 to any via $1
>
> is thus equivalent to
>
> ipfw add pass all from any to any via $1
>
> and in fact it makes the firewall absolutely open. You should not trust any
> remote information, including port number!

ipfw in -current (rev 1.28) and -stable (rev 1.15.4.7) has been changed
to reject a combination of the "all" protocol and a port number.

Alex
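An added example, not part of the original message and not ipfw's own code: a small Python linter for rule lines in the form quoted above. It flags the "all"-protocol-plus-port combination that the reply says ipfw now rejects, and allow rules whose only port restriction is a source port, a value the remote sender chooses. The simplified grammar, the function names, the finding labels and the interface name ed0 are assumptions.

```python
ALLOW = {"allow", "accept", "pass", "permit"}  # ipfw action synonyms for "let through"


def parse_rule(line):
    """Parse 'ipfw add [N] ACTION PROTO from SRC [PORTS] to DST [PORTS] [via IF]'.

    Simplified grammar (an assumption): one address token per side, followed
    by zero or more port tokens; anything after 'via' is not interpreted.
    """
    tok = line.split()
    if tok[:2] == ["ipfw", "add"]:
        tok = tok[2:]
    if tok and tok[0].isdigit():              # optional rule number
        tok = tok[1:]
    if len(tok) < 6 or tok[2] != "from" or "to" not in tok[3:]:
        raise ValueError("unsupported rule: " + line)
    to_i = tok.index("to", 3)
    src, rest = tok[3:to_i], tok[to_i + 1:]
    dst = rest[:rest.index("via")] if "via" in rest else rest
    if not src or not dst:
        raise ValueError("missing address in rule: " + line)
    return {"action": tok[0], "proto": tok[1],
            "src_ports": src[1:], "dst_ports": dst[1:]}


def lint(line):
    """Return a list of finding labels for one rule line (empty list = clean)."""
    r = parse_rule(line)
    findings = []
    # The combination the reply says ipfw was changed to reject.
    if r["proto"] == "all" and (r["src_ports"] or r["dst_ports"]):
        findings.append("all-with-port")
    # An allow rule gated only by source port trusts a sender-chosen value.
    if r["action"] in ALLOW and r["src_ports"] and not r["dst_ports"]:
        findings.append("trusts-source-port")
    return findings


# Constructed sample rules; the first is the rule quoted in the message.
SAMPLE_RULES = [
    "ipfw add pass all from any 123 to any via $1",
    "ipfw add pass udp from any 123 to any via ed0",
    "ipfw add pass tcp from any to any 25 via ed0",
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule, "->", lint(rule) or "ok")
```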