ipfw: reset tcp
eugen at grosbein.pp.ru
Thu May 13 06:55:44 PDT 2004
On Thu, May 13, 2004 at 06:48:56AM -0700, Luigi Rizzo wrote:
> 2.- all other firewall-generated TCP packets (rst and keepalives)
> go through send_pkt() and then bypass the firewall.
> The only way we could safely go through the firewall again is
> to make sure that we never send a RST in response to a RST (need
> to add an additional check in O_REJECT).
> Give me a few days (i.e. ping me again on monday!) to come up with
> a safe patch to do this, which does not rely on the programmer to
> DTRT and avoid loops.
Thanks a lot!
More information about the freebsd-ipfw