[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kernel/572: no way to install a rule for 0.0.0.0 in ipf



The following reply was made to PR kernel/572; it has been noted by GNATS.

From: "Angelos D. Keromytis" <angelos_(_at_)_dsl_(_dot_)_cis_(_dot_)_upenn_(_dot_)_edu>
To: mickey_(_at_)_lucifier_(_dot_)_dial-up_(_dot_)_user_(_dot_)_akula_(_dot_)_net
Cc: gnats_(_at_)_openbsd_(_dot_)_org
Subject: Re: kernel/572: no way to install a rule for 0.0.0.0 in ipf 
Date: Wed, 12 Aug 1998 19:01:39 -0400

 -----BEGIN PGP SIGNED MESSAGE-----
 
 To: mickey_(_at_)_lucifier_(_dot_)_dial-up_(_dot_)_user_(_dot_)_akula_(_dot_)_net
 Subject: Re: kernel/572: no way to install a rule for 0.0.0.0 in ipf 
 Cc: gnats_(_at_)_openbsd_(_dot_)_org
 Date: 08/12/98, 19:01:37
 
 
 >>Description:
 >	if one would try to install a rule like:
 >	block in on <iface> from 0.0.0.0 to any
 >	ipf would insert a 'any' instead of 0.0.0.0, so:
 >	block in on <iface> from any to any
 >	which is wrong, since blocking packets w/
 >	0.0.0.0 return address is actually one of the required
 >	rules to have in any firewall.
 
 Did you try 0.0.0.0/32 ?
 - -Angelos
 
 -----BEGIN PGP SIGNATURE-----
 Version: 2.6.3ia
 Charset: noconv
 Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
 
 iQEVAwUBNdIe0XcrsxJuc7vBAQF+HQf9Hm1Xf12wS1MCBhXbRGNjrz985kVUnrA2
 bYPVrJjUMZ/mBANrgL8yw2TKTutTEqzhT4vJp2ANSsjWCOgbhYaezBVIz3sxHd77
 VF0+cW7bd6zuQwPSbI3e4y/Ms7S/sZtZOkp187bmDAUUgjUXdmXOL8rD0qpA+REl
 MwBvhjd1BwHxBd7s/KtEavnpcOFtsvB8Fn6fkp2J1RhOsW0mVUwvH8ULpliKdZC5
 ZLGWueMzQGWrUGF+8wj3a9YQFxE3t9u4XtzxV0qlCF1G4EokbC6eENvq1S/0iS7N
 ZDELD4W83JTrWcVxjxNI/3xb5IgR3aD+yUYdmAEgGYTR1UKUETwhiQ==
 =pyX2
 -----END PGP SIGNATURE-----
 


Visit your host, monkey.org