kern/165939: [ipw] security bug: incomplete firewall rules
loaded if tables are used in ipfw.conf
Ian Smith
smithi at nimnet.asn.au
Sat Jul 14 18:51:42 UTC 2012
On Sat, 14 Jul 2012 18:59:54 +0100, Chris Rees wrote:
> On 14 Jul 2012 18:49, "Ian Smith" <smithi at nimnet.asn.au> wrote:
> >
> > On Sat, 14 Jul 2012, crees at freebsd.org wrote:
> > > http://www.freebsd.org/cgi/query-pr.cgi?pr=165939
[..]
> > Yes, to such a ruleset you'd need to add 'table all flush' too.
> >
> > ipfw flush specifically does not flush tables. I've long relied upon
> > that, using mostly static tables only reloaded from a file saved hourly
> > by cron, when $firewall_script finds tables are not loaded - ie at boot.
>
> Not A Bug then?
Not For Me at least, Chris. Maybe ipfw(8) isn't specific enough about
flush? I can't speak for others, but don't think flushing all tables in
rc.firewall useful when it's easy to include in your particular ruleset.
cheers, Ian
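
The behaviour discussed in this thread, sketched as an added example (not code from the thread, the PR or rc.firewall): `ipfw flush` removes rules only, so a firewall script can reload a saved table just when it is empty, while a ruleset that must not inherit stale entries adds `table all flush`. The function names, the table number and the save-file path passed as arguments are assumptions.

```sh
#!/bin/sh
# Added example. IPFW may be overridden; table number and file are caller-supplied.
IPFW=${IPFW:-/sbin/ipfw}

# Succeeds if table $1 holds no entries. Some ipfw versions print a
# "--- table(...) ---" header line, which is ignored here.
table_is_empty() {
    [ -z "$($IPFW table "$1" list 2>/dev/null | grep -v '^---')" ]
}

# Load "addr[/mask] [value]" lines (as printed by `ipfw table N list`)
# from file $2 into table $1, only when the table is empty (e.g. at boot).
# Returns 0 if loaded, 1 if the table was already populated, 2 if no file.
load_table_if_empty() {
    tbl=$1 file=$2
    table_is_empty "$tbl" || return 1
    [ -r "$file" ] || return 2
    while read -r addr value; do
        case $addr in ''|'#'*|'---') continue ;; esac
        $IPFW -q table "$tbl" add "$addr" ${value:+"$value"}
    done < "$file"
    return 0
}

# Rules-only reload: tables keep whatever they held before the flush.
reload_rules_keep_tables() {
    $IPFW -q flush
    rc=0
    load_table_if_empty "$1" "$2" || rc=$?
    [ "$rc" -ne 2 ]      # a missing save file is the only real error
}

# Full reset: for a ruleset that must not inherit old table entries.
reload_rules_and_tables() {
    $IPFW -q flush
    $IPFW -q table all flush
    load_table_if_empty "$1" "$2"
}
```

After either function returns, the script would go on to add its rules; only the second guarantees the table matches the saved file.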