[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bugtraq PF vuln issue

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: Bugtraq PF vuln issue
From: Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de>
Date: Tue, 8 Jul 2003 01:40:09 +0200
Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org

On Tue, Jul 08, 2003 at 01:02:12AM +0200, Henning Brauer wrote:
> 1) block outgoing packets with src addresses not in the acceptable 
> range. that should be standard practice.
> example: one external IP, 10/8 inside. thus all NAT.
>   block out quick inet on $ext_if from ! $ext_if

uhm, that was incomplete, of course, two rules are needed:

block out quick inet on $ext_if from ! $ext_if
block in  quick inet on $ext_if to ! $ext_if

this may be a sign that I should go to bed finally...

-- 
http://2suck.net/hhwl.html - http://www.bsws.de/
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

References:
- Re: Bugtraq PF vuln issue
  - From: Henning Brauer

Prev by Date: Re: xdm Activation
Next by Date: XF86Config for Sun UltraSPARC 5
Previous by thread: Re: Bugtraq PF vuln issue
Next by thread: ASUS SK8N Uniprocessor Opteron Motherboard Info
Index(es):
- Date
- Thread

Visit your host, monkey.org