Date: Mon, 27 Oct 2003 14:22:35 -0500 From: "Peter C. Lai" <sirmoo@cowbert.2y.net> To: Brett Glass <brett@lariat.org> Cc: Kris Kennaway <kris@obsecurity.org> Subject: Re: Best way to filter "Nachi pings"? Message-ID: <20031027192235.GG6460@cowbert.2y.net> In-Reply-To: <6.0.0.22.2.20031027061227.03a6be78@localhost> References: <200310270731.AAA23485@lariat.org> <20031027080240.GA9552@rot13.obsecurity.org> <20031027110203.B96390@trillian.santala.org> <20031027093435.GA6111@rot13.obsecurity.org> <6.0.0.22.2.20031027061227.03a6be78@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
will the new IPFW2 build as a KLM which you could use with your old freebsd kernel? (/sbin/ipfw2 would have to be rebuilt also, but should be otherwise compatible). Similarly, is there a reason that you wouldn't be able to use the less robust ipfw2 on your release (since I assume you'd be using it purely for its iplen capabilities)? In any case, blocking ICMP etc. appears to be operationally the same as introducing unstable ipfw2 into a stable running kernel - they are at best, only temporary solutions. On Mon, Oct 27, 2003 at 06:17:26AM -0700, Brett Glass wrote: > At 02:34 AM 10/27/2003, Kris Kennaway wrote: > > >As it happens, ipfw[2] does this anyway. > > It does. But the router is a production machine and is > running an older release of FreeBSD that doesn't have > a solid IPFW2. (IPFW2 *just* hit full production quality > somewhere between 4.8-RELEASE and now, I must wait until > 4.9-RELEASE is out, and proves stable, before I can start > using IPFW2. This, as you know, may take awhile.) > > --Brett > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" -- Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology Yale University School of Medicine SenseLab | Research Assistant http://cowbert.2y.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031027192235.GG6460>