Problem reports for i...@freebsd.org that need special attention
To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and obsolete releases. Status |Bug Id | Description +---+--- New |215875 | [ipfw] ipfw lookup tables do not support mbuf_tag New |232764 | [ipfw] share/examples/ipfw/change_rules.sh: Suppo 2 problems total for which you should take action. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
[Bug 192888] ipfw NAT vulnerable to simple DOS attacks
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192888 l...@donnerhacke.de changed: What|Removed |Added CC||l...@donnerhacke.de --- Comment #2 from l...@donnerhacke.de --- It seems that the problems still exists: (Articles in German) https://lutz.donnerhacke.de/Blog/Performance-Probleme-mit-NAT https://lutz.donnerhacke.de/Blog/Wenn-der-Traceroute-Kreise-tanzt It's a variant of the LAND attack https://en.wikipedia.org/wiki/LAND. My solution is to use ipfw (which is used to activate NAT) to drop incoming packets sourced from the public NAT IP. So simple antispoofing. -- You are receiving this mail because: You are the assignee for the bug. ___ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"