Date: Mon, 31 Jul 2000 11:39:01 -0400 (EDT) From: Siobhan Patricia Lynch <trish@bsdunix.net> To: Darren Reed <avalon@coombs.anu.edu.au> Cc: freebsd-security@FreeBSD.ORG Subject: Re: ipf or ipfw (was: log with dynamic firewall rules) Message-ID: <Pine.BSO.4.21.0007311137050.21752-100000@superconductor.rush.net> In-Reply-To: <200007311323.XAA29849@cairo.anu.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
funny, the amount fo traffic we do, and it hasn;t gone boom yet tell me how to reproduce it, and well, if I crash it, then I'll switch, you'll have to do some convincing first. like I said, I do some pretty insane traffic through this thing and I haven;t had *any* problems to date. -Trish __ Trish Lynch FreeBSD - The Power to Serve trish@bsdunix.net Rush Networking trish@rush.net On Mon, 31 Jul 2000, Darren Reed wrote: > In some mail from Siobhan Patricia Lynch, sie said: > > unfortunately, it was put in as a stop gap. you have to remember that > > certain people were opposed to me doing ANYTHING at first, however I have > > not had a problem to date. and the traffic flowing through it is quite > > heavy. > > It occurs to me that perhaps these people should have been listened to > more closely... > > > noone is going to convince me that ipfw is the wrong thing for the job, > > maybe not the *best* thing, but that simply means that I would have needed > > an openbsd disk in an emergency at that particular time and had I had the > > cd's , well we wouldn;t be having this discussion on a *freebsd* list, > > eh? > > Well, had you gone the OpenBSD route you wouldn't have introduced a number > of bugs which can lead to a system doing filtering on bridged packets going > "boom". This is the sort of careless activity that leads to security holes > being introduced - and what's worse, it could have been avoided. Maybe the > post to bugtraq about this should list you personally as the reason to blame > if you want to claim the responsibility for it (ipfw for bridging) being > introduced. > > Darren > > p.s. I'm indifferent to what OS you chose, but not so to blantantly buggy > code being added to the kernel. Nobody reviewed it either ? SIGH! > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSO.4.21.0007311137050.21752-100000>