On 05/01/2014 07:51 AM, Moshe Katz wrote:
> On Thu, May 1, 2014 at 1:31 AM, Cédric Jeanneret <[email protected]> wrote:
>
>> Hello,
>>
>> Just stumbled on these "great" announcements:
>> http://www.freebsd.org/security/advisories/FreeBSD-SA-14:08.tcp.asc
>> http://www.freebsd.org/security/advisories/FreeBSD-SA-14:09.openssl.asc
>>
>> Bet there will be a new version of pfSense shortly (2.1.3?), but in the
>> meantime, regarding the TCP flaw, is the following option activated in pf:
>> scrub in all
>>
>> I didn't manage to get my hands on the mentioned /etc/pf.conf file (see
>> "workaround" section in the TCP advisory)…
>>
>> Cheers,
>>
>> C.
>>
>
> In its default configuration, pfSense is not vulnerable to the 14:08
> attack. As mentioned in the advisory, using the pf "scrub" feature
> protects you.
> Scrubbing is controlled by a checkbox on the "System" -> "Advanced" ->
> "Firewall" page. You can use "pfctl -sa" to verify that the "scrub" rules
> exist on your firewall.
>
> I have not been able to determine on my own whether pfSense is affected by
> 14:09 or not.
>
> Moshe

Hello Moshe,

Thanks for your answer. I'm unable to check right now; it seems my ISP has
some problems, and I just can't ssh to my home LAN -.-'.
Hopefully it's not a pfSense crash ;) (as this may be a result of 14:08).

Cheers,

C.
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
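
The `pfctl -sa` check for scrub rules suggested in the thread can be scripted so that it also reports whether inbound traffic on a given interface is covered. This is an added example, not part of the original messages and not pfSense code; the function names, the interface names and the sample listing are constructed, and the parser assumes one rule per line in the form `scrub [in|out] [on <interface>] ...`.

```shell
#!/bin/sh
# Added example: decide from pf rule output (stdin) whether inbound packets
# on one interface are matched by a scrub rule.

# Constructed, abbreviated sample of what `pfctl -sa` might print.
sample_rules() {
    cat <<'EOF'
TRANSLATION RULES:
nat on em0 inet from 192.168.1.0/24 to any -> (em0) round-robin
FILTER RULES:
scrub on em0 all fragment reassemble
scrub on em1 all fragment reassemble
block drop in log all
pass out all keep state
EOF
}

# scrub_covers_inbound IFACE  (rule listing on stdin)
# exit 0: a scrub rule matches inbound traffic on IFACE
# exit 1: no such rule found
# exit 2: "no scrub" exclusions are present, so review the rules by hand
scrub_covers_inbound() {
    awk -v want="$1" '
        $1 == "no" && $2 == "scrub" { excluded = 1; next }
        $1 != "scrub" { next }
        {
            dir = ""; ifc = ""
            # Walk the optional direction and interface fields only.
            for (i = 2; i <= NF; i++) {
                if ($i == "in" || $i == "out") dir = $i
                else if ($i == "on") { ifc = $(i + 1); i++ }
                else break
            }
            # No direction means both; no interface means all interfaces.
            if (dir != "out" && (ifc == "" || ifc == want)) covered = 1
        }
        END {
            if (excluded) exit 2
            exit(covered ? 0 : 1)
        }
    '
}

# Demo on the constructed sample; on a firewall use: pfctl -sa | scrub_covers_inbound em0
if sample_rules | scrub_covers_inbound em0; then
    echo "em0: inbound traffic is scrubbed"
else
    echo "em0: no inbound scrub rule found"
fi
```

A negated interface (`on ! em0`) is treated as not covering anything, which errs on the side of reporting a missing rule.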
