|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: IP Filter 3.4.9/3.3.18 (fwd)
From: Darren Reed (darrenr
reed.wattle.id.au)Date: Tue Aug 08 2000 - 10:06:54 CDT
- Next message: Bryan Bradsby: "Re: pine 4.21 port issues?"
- Previous message: Robert Watson: "Re: pine 4.21 port issues?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I'll look at importing this on the weekend. Any sooner and I don't have
time to not do a rush job.
Darren
> ----- Forwarded message from Darren Reed -----
>
> From owner-ipfiltercairo.anu.edu.au Wed Aug 9 0:20:00 2000
> X-Authentication-Warning: cairo.anu.edu.au: majordomo set sender to owner-ipfiltercoombs.anu.edu.au using -f
> From: Darren Reed <darrenrreed.wattle.id.au>
> Message-Id: <200008081409.AAA20852avalon.reed.wattle.id.au>
> Subject: IP Filter 3.4.9/3.3.18 (fwd)
> To: ipfiltercoombs.anu.edu.au
> Date: Wed, 9 Aug 2000 00:09:06 +1000 (EST)
> X-Mailer: ELM [version 2.4ME+ PL37 (25)]
> Sender: owner-ipfiltercoombs.anu.edu.au
>
> My apologies for the "lockup", but at the last moment I realised
> that similar code paths were used in NAT and state and had to fix
> a similar ICMP handling but in NAT. I *really* didn't want to
> have to make a new version# just for that. Everything should
> now be accessible...
>
> Darren
>
> > Ok, now I'm relaxed...and the niggles should be ironed out.
> >
> > 3.4.9/3.3.18 fix up existing problems with the FTP proxy in
> > prior versions. The reason it took so long to iron out the
> > problem with 3.4.8 is due to a dodgy interface which will be
> > addressed for 4.0 (currently exists there too :-/).
> >
> > The 'global' fr_chksrc can now be 0 (disable checking of
> > spoofed source address packets), 1 (enabled) or 2 (log the
> > packets which it detects as having spoofed source IP#'s).
> > This check is done using the routing table. For FreeBSD 4,
> > the sysctl will now show up (I'll merge this into -current
> > over the weekend when I'm not in a hurry).
> >
> > Most of the other changes have been "spurious" except for
> > one - the handling of ICMP packets for known state.
> > This bug crept in with fr_checkicmpmatchingstate() and has
> > been made mention of to me without any real pointers until
> > the weekend (which is the impetus for these). That is now
> > plugged and all should be well there. If you feel nervous
> > about uprading then dig through the patch files for the
> > changes to ip_state.c (blocking packets won't help because
> > state check happens before that...mmm, having the source..
> > but that'll change soon too, in 4.0alpha O:-).
> >
> > I will be updating 4.0alpha later...
> >
> > Darren
> >
> > ftp://coombs.anu.edu.au/pub/net/ip-filter/ip_fil3.4.9.tar.gz
> > ftp://coombs.anu.edu.au/pub/net/ip-filter/patch-3.4.9.gz
> > ftp://coombs.anu.edu.au/pub/net/ip-filter/ip_fil3.3.18.tar.gz
> > ftp://coombs.anu.edu.au/pub/net/ip-filter/patch-3.3.18.gz
> >
> > --------------------------------------------------------------------
> > 3.4.9 08/08/2000 - Released
> >
> > implement new aging mechanism in fr_tcp_age()
> >
> > fix icmp state checking bug
> >
> > revamp buildsunos script and build both sparcv7/sparcv9 for Solaris
> > if on an Ultra with a 64bit system & compiler (Caseper Dik)
> >
> > open ipfilter device read only if we know we can
> >
> > print out better information for ICMP packets in ipmon
> >
> > move checking for source spoofed packets to a point where we can generate
> > logs of them
> >
> > return EFAULT from ircopyptr/iwcopyptr
> >
> > don't do ioctl(SIOCGETFS) for auth stats
> >
> > fix up freeing mbufs for post-4.3BSD
> >
> > fix returning of inc from ftp proxy
> >
> > fix bugs with ipfs -R/-W (Caseper Dik)
> >
> > 3.4.8 19/07/2000 - Released
> > --------------------------------------------------------------------
> > 3.3.18 08/08/2000 - Released
> >
> > fix up command checking in the ftp proxy
> >
> > fix getting the version from the kernel for solaris
> >
> > fix icmp state checking bug
> >
> > print out better information for ICMP packets in ipmon
> >
> > open ipfilter device read only if we know we can
> >
> > 3.3.17 08/07/2000 - Released
> > --------------------------------------------------------------------
> >
> > ----- End of forwarded message from Darren Reed -----
>
> ----- End of forwarded message from Darren Reed -----
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Bryan Bradsby: "Re: pine 4.21 port issues?"
- Previous message: Robert Watson: "Re: pine 4.21 port issues?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]