From owner-freebsd-security Mon Jul 31 8:39:34 2000
Delivered-To: freebsd-security@freebsd.org
Received: from superconductor.rush.net (superconductor.rush.net [208.9.155.8])
    by hub.freebsd.org (Postfix) with ESMTP id 94A5A37BBD4
    for ; Mon, 31 Jul 2000 08:39:23 -0700 (PDT)
    (envelope-from trish@bsdunix.net)
Received: from localhost (trish@localhost)
    by superconductor.rush.net (8.9.3/8.9.3) with ESMTP id LAA10910;
    Mon, 31 Jul 2000 11:39:02 -0400 (EDT)
Date: Mon, 31 Jul 2000 11:39:01 -0400 (EDT)
From: Siobhan Patricia Lynch
X-Sender: trish@superconductor.rush.net
To: Darren Reed
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipf or ipfw (was: log with dynamic firewall rules)
In-Reply-To: <200007311323.XAA29849@cairo.anu.edu.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

funny, the amount of traffic we do, and it hasn't gone boom yet

tell me how to reproduce it, and well, if I crash it, then I'll switch,
you'll have to do some convincing first.

like I said, I do some pretty insane traffic through this thing and I
haven't had *any* problems to date.

-Trish

__

Trish Lynch
FreeBSD - The Power to Serve
trish@bsdunix.net
Rush Networking
trish@rush.net

On Mon, 31 Jul 2000, Darren Reed wrote:

> In some mail from Siobhan Patricia Lynch, sie said:
> > unfortunately, it was put in as a stop gap. you have to remember that
> > certain people were opposed to me doing ANYTHING at first, however I have
> > not had a problem to date. and the traffic flowing through it is quite
> > heavy.
>
> It occurs to me that perhaps these people should have been listened to
> more closely...
>
> > no one is going to convince me that ipfw is the wrong thing for the job,
> > maybe not the *best* thing, but that simply means that I would have needed
> > an openbsd disk in an emergency at that particular time and had I had the
> > cd's, well we wouldn't be having this discussion on a *freebsd* list,
> > eh?
>
> Well, had you gone the OpenBSD route you wouldn't have introduced a number
> of bugs which can lead to a system doing filtering on bridged packets going
> "boom". This is the sort of careless activity that leads to security holes
> being introduced - and what's worse, it could have been avoided. Maybe the
> post to bugtraq about this should list you personally as the reason to blame
> if you want to claim the responsibility for it (ipfw for bridging) being
> introduced.
>
> Darren
>
> p.s. I'm indifferent to what OS you chose, but not so to blatantly buggy
> code being added to the kernel. Nobody reviewed it either? SIGH!
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message