mfc of ipf 3.4.35 breaks POLA in 4.11, 4-Stable
Jonathan Dama
bn at donut.ugcs.caltech.edu
Fri Apr 1 16:21:13 PST 2005
IPF in 4.11, 4-Stable breaks the semantics of icmp
keep-state rules. This problem was mentioned in
http://msgs.securepoint.com/cgi-bin/get/ipfilter-0503/31/1/2/1/1.html
I wouldn't make a fuss over this simple matter
except that this constitutes a POLA violation.
To that end, the following pr was submitted:
http://www.freebsd.org/cgi/query-pr.cgi?pr=79416
Incidentally, unless I really misunderstand ipf, there
appears to be a genuine bug here. POLA issues aside, a
pass-rule is being used to block packets.
Thanks,
Jon