Date: Tue, 29 Jul 2008 07:38:15 -0700
From: Jeff Kletsky <jeff+freebsd@wagsky.com>
To: freebsd-security@freebsd.org
Subject: Re: ipfw "bug" - recv any = not recv any
Message-ID: <488F2B57.7000706@wagsky.com>

> In practice, both "recv any" and "not recv any" appear to be "no-op"
> phrases.
> [...]
> In my opinion, the following would be "ideal"
>
> 1) "recv any" -- matches packets that have been received by the host
> through one of its interfaces
> 2) "not recv any" -- does not match packets that have been received by
> the host through one of its interfaces
>
> Unfortunately, implementing (1) would likely break a lot of people's
> rule sets
>
> (2), however, I can't immediately see being used without expecting that
> it would fail to match packets that were received by the current host,
> so its implementation would be a bit "safer" for the community
>

Julian Elischer suggested:

> how does "not recv *" (appropriately escaped for your shell) do?

This does appear to "work as desired" -- suggesting documentation
clarification rather than functionality change

My apologies for not posting to the ipfw list.

Jeff