Date: Mon, 31 Jul 2000 23:23:55 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
To: trish@bsdunix.net (Siobhan Patricia Lynch)
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipf or ipfw (was: log with dynamic firewall rules)
Message-ID: <200007311323.XAA29849@cairo.anu.edu.au>
In-Reply-To: <Pine.BSO.4.21.0007310903460.21752-100000@superconductor.rush.net> from Siobhan Patricia Lynch at "Jul 31, 0 09:07:01 am"
In some mail from Siobhan Patricia Lynch, sie said:
> unfortunately, it was put in as a stop gap. you have to remember that
> certain people were opposed to me doing ANYTHING at first, however I have
> not had a problem to date. and the traffic flowing through it is quite
> heavy.

It occurs to me that perhaps these people should have been listened to
more closely...

> no one is going to convince me that ipfw is the wrong thing for the job,
> maybe not the *best* thing, but that simply means that I would have needed
> an openbsd disk in an emergency at that particular time and had I had the
> cd's, well we wouldn't be having this discussion on a *freebsd* list,
> eh?

Well, had you gone the OpenBSD route you wouldn't have introduced a
number of bugs which can lead to a system doing filtering on bridged
packets going "boom". This is the sort of careless activity that leads
to security holes being introduced - and what's worse, it could have
been avoided. Maybe the post to bugtraq about this should list you
personally as the reason to blame if you want to claim the responsibility
for it (ipfw for bridging) being introduced.

Darren

p.s. I'm indifferent to what OS you chose, but not so to blatantly buggy
code being added to the kernel. Nobody reviewed it either? SIGH!