Date: Fri, 21 Jul 2000 01:17:38 +0200 (CEST)
From: Arjan de Vet <Arjan.deVet@adv.iae.nl>
To: FreeBSD-gnats-submit@freebsd.org
Subject: conf/20075: option IPFILTER_DEFAULT_BLOCK not in LINT (ipfilter)
Message-ID: <20000720231738.A01E522E3@adv.iae.nl>
>Number: 20075 >Category: conf >Synopsis: option IPFILTER_DEFAULT_BLOCK not in LINT (ipfilter) >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Jul 20 16:20:02 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Arjan de Vet >Release: FreeBSD 4.1-RC i386 >Organization: - >Environment: FreeBSD adv.iae.nl 4.1-RC FreeBSD 4.1-RC #31: Thu Jul 20 18:50:34 CEST 2000 root@adv.iae.nl:/usr/src/sys/compile/ADV i386 >Description: Option IPFILTER_DEFAULT_BLOCK is not listed in LINT. It makes ipfilter block all packets by default which I consider a very useful option from a security point of view: failing to load filter rules will deny any network traffic instead of allowing all traffic. >How-To-Repeat: - >Fix: Index: LINT =================================================================== RCS file: /home/freebsd/CVS/src/sys/i386/conf/Attic/LINT,v retrieving revision 1.749.2.17 diff -u -r1.749.2.17 LINT --- LINT 2000/07/20 19:07:02 1.749.2.17 +++ LINT 2000/07/20 23:11:23 @@ -536,6 +536,7 @@ options IPDIVERT #divert sockets options IPFILTER #ipfilter support options IPFILTER_LOG #ipfilter logging +options IPFILTER_DEFAULT_BLOCK #block all packets by default options IPSTEALTH #support for stealth forwarding options TCPDEBUG >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
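Review bot: The comment on the added line `options IPFILTER_DEFAULT_BLOCK #block all packets by default`, placed between IPFILTER_LOG and IPSTEALTH, does not say what happens when no rules are loaded. The Description states the practical effect (failing to load filter rules denies all network traffic instead of allowing it), and that is what someone copying the option out of LINT needs to know before enabling it on a machine they reach over the network. Suggest widening the comment to something like `#block all packets by default (no traffic passes until rules are loaded)`, or adding a short comment block above the ipfilter options that carries that sentence.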