On Thu, May 1, 2014 at 1:31 AM, Cédric Jeanneret <[email protected]> wrote:
> Hello,
>
> Just stumbled on these "great" announcements:
> http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc
> http://www.freebsd.org/security/advisories/FreeBSD-SA-14:09.openssl.asc
>
> Bet there will be a new version of pfsense shortly (2.1.3?), but in the
> meanwhile, regarding the TCP flaw, is the following option activated in pf:
> scrub in all
>
> I didn't manage to get my hands on the mentioned /etc/pf.conf file (see
> "workaround" section in the TCP advisory)…
>
> Cheers,
>
> C.
>

In its default configuration, pfSense is not vulnerable to the 14:08 attack.

As mentioned in the advisory, using the pf "scrub" feature protects you. Scrubbing is controlled by a checkbox on the "System" -> "Advanced" -> "Firewall" page. You can use "pfctl -sa" to verify that the "scrub" rules exist on your firewall.

I have not been able to determine on my own whether pfSense is affected by 14:09 or not.

Moshe

--
Moshe Katz
-- [email protected]
-- +1(301)867-3732
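The "pfctl -sa" check described in the reply above, as an added example that is not part of the original message or of pfSense itself. It goes one step beyond "a scrub rule exists" and reports which interfaces have no scrub rule covering inbound traffic. The interface names em0/em1 and the sample rule lines are constructed, and the rule layout (scrub [in|out] [on IFACE] all ...) is assumed to be what pfctl prints.

```shell
#!/bin/sh
# uncovered_ifaces IFACE...
# Reads `pfctl -sa` (or `pfctl -sr`) text on stdin and prints every named
# interface that is NOT covered by a scrub rule applying to inbound traffic.
# Simplification: only rules matching "all" are counted; "no scrub"
# exclusions and negated interfaces ("on ! em0") are not evaluated.
uncovered_ifaces() {
    awk -v want="$*" '
        $1 == "scrub" {
            i = 2; dir = "any"; ifc = "*"        # "*" = rule has no "on IFACE"
            if ($i == "in" || $i == "out") { dir = $i; i++ }
            if ($i == "on") { ifc = $(i + 1); i += 2 }
            # A rule limited to "out" does not normalise inbound packets.
            if (dir != "out" && $i == "all") covered[ifc] = 1
        }
        END {
            n = split(want, w, " ")
            for (k = 1; k <= n; k++)
                if (!("*" in covered) && !(w[k] in covered)) print w[k]
        }'
}

# Constructed sample, NOT captured from a real firewall.
SAMPLE_RULES='FILTER RULES:
scrub on em0 all fragment reassemble
scrub out on em1 all fragment reassemble
pass in quick on em1 inet from 192.168.1.0/24 to any flags S/SA keep state'

# Demo on the sample; on a live system use: pfctl -sa | uncovered_ifaces em0 em1
printf '%s\n' "$SAMPLE_RULES" | uncovered_ifaces em0 em1
```

An empty result means every listed interface has a matching scrub rule; any interface name printed should be checked against the scrub checkbox mentioned in the reply.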
