
Re: Bugtraq PF vuln issue

On Tue, Jul 08, 2003 at 01:02:12AM +0200, Henning Brauer wrote:
> 1) block outgoing packets with src addresses not in the acceptable 
> range. that should be standard practice.
> example: one external IP, 10/8 inside. thus all NAT.
>   block out quick inet on $ext_if from ! $ext_if

uhm, that was incomplete, of course, two rules are needed:

# outbound on the external interface: drop anything whose source is not our own address
block out quick inet on $ext_if from ! $ext_if
# inbound on the external interface: drop anything not addressed to our own address
block in  quick inet on $ext_if to ! $ext_if

this may be a sign that I should go to bed finally...

http://2suck.net/hhwl.html - http://www.bsws.de/
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
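The two rules above shown in context, as an added example that is not part of Henning's message: a minimal pf.conf for the case he describes (one external IP on the outside interface, 10/8 inside, everything NATed). The interface names fxp0/fxp1 and the pass rules are assumptions made here for illustration.

```pf
# Added example (not from the original post). Interface names are assumed.
ext_if       = "fxp0"
int_if       = "fxp1"
internal_net = "10.0.0.0/8"

# Translation: everything from the inside leaves with $ext_if's address.
nat on $ext_if inet from $internal_net to any -> ($ext_if)

# Anti-spoofing on the external interface. Translation runs before
# filtering, so an outbound packet that still carries a source other
# than $ext_if here was never translated (for example a leaked 10/8
# address) and is dropped. An inbound packet not addressed to $ext_if
# is spoofed or misrouted. "quick" stops rule evaluation at the match.
# $ext_if in a filter rule expands to the interface's addresses when
# the ruleset is loaded.
block out quick inet on $ext_if from ! $ext_if
block in  quick inet on $ext_if to ! $ext_if

# Default deny, then the policy. State is checked before the rules,
# so replies to connections opened from inside match their state entry
# and never reach the block rules above.
block all
pass in  on $int_if inet from $internal_net to any keep state
pass out on $ext_if inet from $ext_if      to any keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`; `pfctl -sr` shows the expanded rules, which is the quickest way to confirm what `$ext_if` resolved to.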