[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: kernel/572: no way to install a rule for 0.0.0.0 in ipf
- To: bugs_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
- Subject: Re: kernel/572: no way to install a rule for 0.0.0.0 in ipf
- From: "Angelos D. Keromytis" <angelos_(_at_)_dsl_(_dot_)_cis_(_dot_)_upenn_(_dot_)_edu>
- Date: Wed, 12 Aug 1998 17:10:01 -0600 (MDT)
- Reply-to: "Angelos D. Keromytis" <angelos_(_at_)_dsl_(_dot_)_cis_(_dot_)_upenn_(_dot_)_edu>
The following reply was made to PR kernel/572; it has been noted by GNATS.
From: "Angelos D. Keromytis" <angelos_(_at_)_dsl_(_dot_)_cis_(_dot_)_upenn_(_dot_)_edu>
To: mickey_(_at_)_lucifier_(_dot_)_dial-up_(_dot_)_user_(_dot_)_akula_(_dot_)_net
Cc: gnats_(_at_)_openbsd_(_dot_)_org
Subject: Re: kernel/572: no way to install a rule for 0.0.0.0 in ipf
Date: Wed, 12 Aug 1998 19:01:39 -0400
-----BEGIN PGP SIGNED MESSAGE-----
To: mickey_(_at_)_lucifier_(_dot_)_dial-up_(_dot_)_user_(_dot_)_akula_(_dot_)_net
Subject: Re: kernel/572: no way to install a rule for 0.0.0.0 in ipf
Cc: gnats_(_at_)_openbsd_(_dot_)_org
Date: 08/12/98, 19:01:37
>>Description:
> if one would try to install a rule like:
> block in on <iface> from 0.0.0.0 to any
> ipf would insert a 'any' instead of 0.0.0.0, so:
> block in on <iface> from any to any
> which is wrong, since blocking packets w/
> 0.0.0.0 return address is actually one of the required
> rules to have in any firewall.
Did you try 0.0.0.0/32 ?
- -Angelos
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQEVAwUBNdIe0XcrsxJuc7vBAQF+HQf9Hm1Xf12wS1MCBhXbRGNjrz985kVUnrA2
bYPVrJjUMZ/mBANrgL8yw2TKTutTEqzhT4vJp2ANSsjWCOgbhYaezBVIz3sxHd77
VF0+cW7bd6zuQwPSbI3e4y/Ms7S/sZtZOkp187bmDAUUgjUXdmXOL8rD0qpA+REl
MwBvhjd1BwHxBd7s/KtEavnpcOFtsvB8Fn6fkp2J1RhOsW0mVUwvH8ULpliKdZC5
ZLGWueMzQGWrUGF+8wj3a9YQFxE3t9u4XtzxV0qlCF1G4EokbC6eENvq1S/0iS7N
ZDELD4W83JTrWcVxjxNI/3xb5IgR3aD+yUYdmAEgGYTR1UKUETwhiQ==
=pyX2
-----END PGP SIGNATURE-----
Visit your host, monkey.org