Re: Best way to filter "Nachi pings"?
From: Peter C. Lai (sirmoo_at_cowbert.2y.net)
Date: 10/27/03
- Previous message: Gaspar Chilingarov: "Re: Best way to filter "Nachi pings"?"
- In reply to: Brett Glass: "Re: Best way to filter "Nachi pings"?"
- Next in thread: Brett Glass: "Re: Best way to filter "Nachi pings"?"
- Reply: Brett Glass: "Re: Best way to filter "Nachi pings"?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 27 Oct 2003 14:22:35 -0500 To: Brett Glass <brett@lariat.org>
will the new IPFW2 build as a KLM which you could use with your old freebsd
kernel? (/sbin/ipfw2 would have to be rebuilt also, but should be otherwise
compatible).
Similarly, is there a reason that you wouldn't be able to use the less robust
ipfw2 on your release (since I assume you'd be using it purely for its iplen
capabilities)? In any case, blocking ICMP etc. appears to be operationally
the same as introducing unstable ipfw2 into a stable running kernel - they
are at best, only temporary solutions.
On Mon, Oct 27, 2003 at 06:17:26AM -0700, Brett Glass wrote:
> At 02:34 AM 10/27/2003, Kris Kennaway wrote:
>
> >As it happens, ipfw[2] does this anyway.
>
> It does. But the router is a production machine and is
> running an older release of FreeBSD that doesn't have
> a solid IPFW2. (IPFW2 *just* hit full production quality
> somewhere between 4.8-RELEASE and now, I must wait until
> 4.9-RELEASE is out, and proves stable, before I can start
> using IPFW2. This, as you know, may take awhile.)
>
> --Brett
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
-- Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology Yale University School of Medicine SenseLab | Research Assistant http://cowbert.2y.net/ _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: Gaspar Chilingarov: "Re: Best way to filter "Nachi pings"?"
- In reply to: Brett Glass: "Re: Best way to filter "Nachi pings"?"
- Next in thread: Brett Glass: "Re: Best way to filter "Nachi pings"?"
- Reply: Brett Glass: "Re: Best way to filter "Nachi pings"?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
