Re: Bugtraq PF vuln issue
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Bugtraq PF vuln issue
- From: Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de>
- Date: Tue, 8 Jul 2003 01:40:09 +0200
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
On Tue, Jul 08, 2003 at 01:02:12AM +0200, Henning Brauer wrote:
> 1) block outgoing packets with src addresses not in the acceptable
> range. that should be standard practice.
> example: one external IP, 10/8 inside. thus all NAT.
> block out quick inet on $ext_if from ! $ext_if
uhm, that was incomplete, of course, two rules are needed:

    block out quick inet on $ext_if from ! $ext_if
    block in quick inet on $ext_if to ! $ext_if

this may be a sign that I should go to bed finally...
http://2suck.net/hhwl.html - http://www.bsws.de/
Unix is very simple, but it takes a genius to understand the simplicity.
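
The following is an added example, not part of the original post and not pf code: a simplified Python model of the two `block ... quick` rules above, run over constructed packets to show which traffic the first rule alone leaves unfiltered. The address 192.0.2.1 standing in for the address on `$ext_if`, the sample packets and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing matching the post's scenario: one external IP, 10/8 inside.
EXT_IP = ipaddress.ip_address("192.0.2.1")    # stands in for the address on $ext_if

# Each modelled rule: (direction, header field compared against the $ext_if address)
FIRST_RULE_ONLY = [("out", "src")]            # block out quick inet on $ext_if from ! $ext_if
BOTH_RULES = [("out", "src"), ("in", "dst")]  # plus: block in quick inet on $ext_if to ! $ext_if

# Constructed packets (direction, src, dst) as the filter would see them on $ext_if.
PACKETS = [
    ("out", "192.0.2.1", "198.51.100.7"),   # outgoing, source is the external address
    ("out", "10.1.2.3", "198.51.100.7"),    # outgoing, internal source left the box unchanged
    ("in", "198.51.100.7", "192.0.2.1"),    # incoming, addressed to the external address
    ("in", "198.51.100.7", "10.1.2.3"),     # incoming, addressed directly to an inside host
]


def verdict(rules, direction, src, dst):
    """Return 'block' if any modelled rule matches the packet, otherwise 'pass'."""
    fields = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst)}
    for rule_dir, field in rules:
        # 'from ! $ext_if' / 'to ! $ext_if': match when the field is NOT the external address
        if rule_dir == direction and fields[field] != EXT_IP:
            return "block"   # 'quick' makes the first matching rule final
    return "pass"            # nothing matched; the rest of a real ruleset is out of scope


def compare(packets=PACKETS):
    """Evaluate every packet against the one-rule and the two-rule variant."""
    return [(p, verdict(FIRST_RULE_ONLY, *p), verdict(BOTH_RULES, *p)) for p in packets]


if __name__ == "__main__":
    for (direction, src, dst), one, two in compare():
        print(f"{direction:3} {src:>13} -> {dst:<13} first rule only: {one:5} both rules: {two}")
```

Only the last packet changes verdict between the two variants: the inbound packet addressed to a 10/8 host is untouched by the first rule and caught by the second.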