/2019, you wrote:
On Sat, Mar 23, 2019 at 6:27 PM Brett Glass
<<mailto:br...@lariat.net>br...@lariat.net> wrote:
Everyone:
I've been building custom kernels for FreeBSD 12.0, and have noticed
a message on the console, during boot, that I haven't seen from prior
versions. It do
generate such a file? Or, if I don't really need to do so,
is there a way to suppress the message?
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "fr
So do I. However, there have been no updates from the person you mention
in a week, so I believe it's quite reasonable to inquire as to the progress
of the release.
--Brett Glass
At 09:50 PM 9/7/2016, you wrote:
I find reading the freebsd-stable@freebsd.org list, particularly the
messages
All:
How's the release coming? I have heard that there were some
showstoppers involving file systems; have they been addressed?
I am sticking with 10.3 for production machines, but have a
customer who wants an 11.0 machine when it comes out.
--Brett Glass
or hardware defects in individual
systems, so I am eager to hear how the new release is working for everyone.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail
Building up some servers with 9.1 (latest patch level), but want to
switch to 9.2 ASAP if it is solid. How goes the build? Remaining
TODOs? Estimated release date?
___
freebsd-stable@freebsd.org mailing list
than it is of a collaborative open source project.
And it is important to have targets.
Transparency is vital. I do not mind justified schedule slippages,
so long as I can track progress and plan appropriately. It is when I
(and everyone else) are in the dark that things get difficult.
--Brett
passed quietly through
committers so as to avoid this. Maybe the situation is better now; I don't
know.
As for monetary donations: We are not a large corporation, and so could only
make relatively small ones as opposed to more valuable in kind donations.
--Brett Glass
. ;-)
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
am
glad that this is not the holdup. I just need to plan my time so that I get
a vacation SOMETIME this season and also keep my commitments. Alas, there
have been no updates to the projected schedule or to the To Do list to
help me out.
--Brett Glass
something for nothing.
This isn't an attack at you Brett; this is more of a general observation.
I hope it's not. In my previous message, I offered to donate a server. Along
with some bandwidth, if that's useful.
--Brett Glass
___
freebsd-stable@freebsd.org
project need a fresh server to be donated to handle the release?
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
of the most robust
and stable releases ever, and I used it for many years.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr
systems.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
At 04:32 PM 11/3/2012, Karl Denninger wrote:
It is utter insanity to enable, by default, filesystem options
that break the canonical backup solution in the handbook (dump,
when used with -L, which it must be to dump a live filesystem SAFELY.)
I have not used dump in many, many years. So, I
/query-pr-summary.cgi?category=severity=priority=class=state=opensort=nonetext=responsible=multitext=originator=release=
shows several open PRs mentioning panics, corruption, and reboots.
Are they still open because problems exist? Or have the committers
simply neglected to close them?
--Brett
I need to build up a few servers and routers, and am wondering how
FreeBSD 9.1 is shaping up. Will it be likely to be more stable and
robust than 9.0-RELEASE? Are there issues that will have to wait
until 9.2-RELEASE to be fixed? Opinions welcome.
--Brett Glass
I need to build up a few servers and routers, and am wondering how
FreeBSD 9.1 is shaping up. Will it be likely to be more stable and
robust than 9.0-RELEASE? Are there issues that will have to wait
until 9.2-RELEASE to be fixed? Opinions welcome.
--Brett Glass
Everyone:
I've just noted that as of this month, there is no release of
FreeBSD -- on any branch -- whose EOL is less than a year away.
Should there not be at least one release with extended support?
--Brett Glass
___
freebsd-stable@freebsd.org
At 12:34 PM 12/13/2011, Ben Kaduk wrote:
If I remember correctly, your original message mentioned seeing this
issue in emacs; have you tried reproducing it in a simpler test case?
No; when we hit the bug, we moved to SSH with a VT100 emulator so that
we could configure the system. But the
(Ctrl-D and Ctrl-K),
etc. It's very obvious.
Does it only happen on the console, or also when using a regular xterm?
I do not use regular xterms, so I can't answer that, alas.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http
At 11:36 AM 12/11/2011, Ben Kaduk wrote:
Did you take the change to /etc/ttys going from cons25 to xterm 'type'?
I didn't have to change it; it was that way when the OS was installed.
Problem seems to be that the behavior (specifically, reverse video on the
25th line) doesn't quite match the
networking problems I haven't observed yet),
but both are probably worth looking into.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr
a procedural environment, because
there are so many contingencies and possible combinations of
parameters. But there doesn't seem to be any combination of
variables I can assign in rc.conf that doesn't cause errors when I
try to create VLANs.
--Brett Glass
like to avoid, as does
8.2-RELEASE. Recommendations?
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Any word regarding timing of FreeBSD 9.0-RC1? Building machines,
and would like to build with at least a release candidate rather than a beta.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd
Thank you! Did not know to look for this in the source tree; now I
know.
--Brett Glass
At 04:24 PM 10/16/2011, Andrew Thompson wrote:
On 17 October 2011 11:22, Brett Glass br...@lariat.net wrote:
Any word regarding timing of FreeBSD 9.0-RC1? Building machines, and would
like to build
Just tried to build a new kernel in 9.0-BETA3 with the IPFIREWALL
option, and found that the build halts with a compiler error. The
error occurs at netinet/ipfw/ip_fw_pfil.c, line 185, where the
compiler complains that the variable len is used before
intialization. Problem occurs on both i386
Please MFC support for ASIX AX88172A USB Ethernet to 7.3-RELEASE;
see
http://www.freebsd.org/cgi/query-pr.cgi?pr=140923
for information. Note that the AX88172 driver works with the
newer AX88172A chip, which has replaced it; the system simply needs
to be told that it does.
--Brett Glass
-- or, if this is not
practical, quickly release a FreeBSD 8.1 which will be supported
for at least that long?
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any
Happy Thanksgiving to everyone in the US (and elsewhere as well)!
I encountered a strange bug when I was trimming the GENERIC FreeBSD
RELEASE-8.0 kernel to omit drivers for hardware that would not be used on one
target platform. I removed all of the USB Ethernet drivers except for udav
(Davicom
Please commit the fixes for PRs bin/130159 and bin/131250 prior
to FreeBSD RC1. These are critical for the use of userland ppp
as a server, especially if it is performing proxy ARP.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http
progress toward a release? There appears to be no
to do list (as there was for previous releases), and therefore
no way to easily keep abreast of progress, snags, etc.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman
have to touch it once you get it configured.
Of course, all solutions that randomize ports are really just security by
obscurity, because by shuffling ports you're hiding the way to poison your
cache... a little.
--Brett Glass
___
freebsd-stable
Everyone:
Will FreeBSD 7.1 be released in time to use it as an upgrade to
close the BIND cache poisoning hole? We'd like to upgrade affected
servers to the latest FreeBSD at the same time that we upgrade
BIND if possible.
--Brett Glass
___
freebsd
-RELEASE is scheduled
for August.
I'm sure that a lot of folks are in the same boat as I: they'd
like to start with a complete release that doesn't need patching
and recompiling.
--Brett Glass
At 09:02 PM 7/19/2008, Xin LI wrote:
Yes. FreeBSD 7-STABLE and RELENG_7_0 errata branches are already
At 09:28 PM 7/19/2008, Subhro wrote:
You need to understand the release engineering process of FreeeBSD.
I've been watching it (and testing release candidates) since 2.x, so
I think I may possibly have some understanding of it by now. ;-)
The release edition is essential created from the
Scott, Adrian:
Even more interesting would be a storage schema for caches that rests
on top of FreeBSD's GEOM facility. One could bypass all filesystems
but still take advantage of the driver architecture.
--Brett Glass
At 06:09 AM 12/26/2007, Scott Long wrote:
Yes, Squid is the ideal
At 08:32 AM 12/26/2007, Adrian Chadd wrote:
The biggest bonuses to gain high throughput with web caches, at least
with small objects, is to apply temporal locality to them and do IO in
$LARGE chunks.
By temporal locality I assume you mean that you expect items that
are fetched at the same time
At 07:14 AM 12/24/2007, Scott Long wrote:
Brett,
There could be several problems here:
1. WITNESS, INVARIANTS, malloc debugging. Are any of these turned on for you?
I don't recall if malloc debugging got turned off yet for the
7.0 snapshots.
I nuked debugging when I recompiled the kernel
COSS for small Web objects, but are not sure how
it would interact with AUFS or how much it would impact stability by decreasing
the size of Squid's CACHE_MEM memory pool (which is used for hot objects
and objects in transit). Squid tends to crash horribly if this pool isn't
kept quite big.
--Brett
At 10:12 AM 12/24/2007, Scott Long wrote:
It's not the same kind of hashing. The kind of hashing that squid
does on the filesystem is sub optimal for UFS performance.
Squid doesn't do any hashing on the file system, as far as I know.
It does, of course, have a hashed directory of cached Web
mounting the volume -async, maintaining a
similar advantage. And mounting the volume -async is a bit dangerous, because
the cache can become very inconsistent during a crash SoftUpdates is
generally what's recommended.
--Brett Glass
___
freebsd-stable
on, the cache
volume mounted with -noatime, and aufs (which uses kqueues -- a
FreeBSD invention -- to optimize multithreaded disk access), the
benchmark shows FreeBSD losing out. Why?
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http
of
bridge(4) brought in.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
At 08:40 AM 10/31/2007, Alexander Motin wrote:
Brett Glass wrote:
ng_nat is part of 6-STABLE
I've checked, and there is indeed a version there. But it's a
much older version without many useful option flags. ng_car
is not there at all.
It IS there:
http://www.freebsd.org/cgi/cvsweb.cgi
to communicate with the server.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
can guess from this and other requests, I'm looking to revise the configuration
on some specialized networking boxen so that NAT, bandwidth control, and LAN
isolation are handled in the kernel rather than in user space.
--Brett Glass
___
freebsd-stable
code that was developed for it are there
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
in awhile and doesn't show the
usual to do lists or schedules Can someone give us an
estimated timeframe?
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any
Since I am not a FreeBSD developer (though I've fed folks snippets
of code to incorporate from time to time), I don't have a full time
build server. Where is the best way to download a daily/weekly
snapshot? ftp.freebsd.org seems only to have one snapshot per
month, and does not have one for this
.
This would be for a 386-architecture machine. Recommendations?
Also, when is 6.3-RELEASE (which will hopefully incorporate
a bunch of MFCed improvements from CURRENT) likely to happen?
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http
likely to see an RC2? Given the many changes to the code since RC1,
will there be an RC3? When will the calendar and to do list be
updated? And will we see a release by, say, Valentine's Day?
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
it have some idea of the RE team's plans going into the new year. Even if
the release date is in February, that's fine -- just so it makes for a
better product and we can anticipate and plan for it.
--Brett Glass
___
freebsd-stable@freebsd.org mailing
since it normally errs
on the side of expiring pages too quickly.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
and is of enough value to warrant a bit of developer time
(though obviously different developers will take different amounts
of interest in maintaining classic releases).
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org
, er, performance problems. ;-)
Seriously: The problem is that in my tests 6.x does not surpass Linux in
performance, while 4.11 does.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
Well, y'know, if they could release a FreeBSD 2.2.9 (as was done last month), it
shouldn't be a problem to do a 4.12 release as a last gasp to tide us over
until September. (Hopefully, Colin and the summer of code folks can
work on performance enhancements to the network stack, UFS2, and the hard
vulnerable.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
all of the time when we're making production
servers. In some cases, what we need is a tried-and-true version
with bug fixes.
--Brett Glass
At 11:04 AM 5/16/2006, Colin Percival wrote:
If you absolutely must run FreeBSD 4.11, install the RELEASE and
then run FreeBSD Update.
Personally, since
as the one
in 4.x, though I hope this will change). So, we'd like to upgrade them to
a patch level that includes all recent security fixes. Are ISOs available?
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo
freebsd mirrors.
True. But this requires assembling a system to do it, and then waiting hours
while I build the world and make release. I was hoping that there was a
snapshot server up, as there was in Japan a few years ago.
--Brett Glass
___
freebsd-stable
never seen this behavior.
By the way, the date command does report the correct time. It's cron
that seems to be getting the time wrong.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
At 09:08 PM 11/25/2005, Joseph Koshy wrote:
Just created a server using FreeBSD 6.0, and it's quite
stable and fast. One glitch, though: Jobs scheduled to
run at midnight via /etc/crontab are running at 6 PM
(midnight GMT). I've double checked, and the CMOS clock
is set to local time and
At 05:40 PM 11/26/2005, Jon Dama wrote:
What is the output of
date vs date -u
on your system?
What's the value of machdep.adjkerntz ?
www# date
Sat Nov 26 17:53:20 MST 2005
www# date -u
Sun Nov 27 00:53:22 UTC 2005
www# sysctl -a | grep kerntz
machdep.adjkerntz: 25200
Is /etc/localtime
At 09:14 PM 11/26/2005, Peter Jeremy wrote:
On Sat, 2005-Nov-26 15:07:26 -0700, Brett Glass wrote:
By the way, the date command does report the correct time. It's cron
that seems to be getting the time wrong.
You haven't accidently created a line that looks like 'TZ=' in the
crontab have you
. What could be going on? Is this
a known problem?
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
this Thanks to the people who have pointed out
that target in the Makefile.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
, is that the GENERIC kernel
configuration should be very heavily commented and documented and
that the DEFAULT file will then be completely unnecessary.
Just my $0.02.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo
),
one has to remove dozens of lines from the configuration file.
Sometimes a hundred or more. But this is simple enough; one
just deletes the lines. Having to WRITE a line to disable each
of the undesired ones is orders of magnitude more difficult --
unnecessarily so.
--Brett Glass
to install PCI NICs for
speed and stability.
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
At 08:13 PM 10/17/2005, Mike Tancsa wrote:
One thing we're looking at doing is deploying some single-core AMD64s.
Some of the motherboards use the NVidia NForce chipsets, so we
need to know if the nve driver works
I have seen lots of problem reports with the nve. A board that
works well
,
when is the likely release date?
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
At 06:34 PM 10/15/2005, David Syphers wrote:
http://www.freebsd.org/releases/6.0R/todo.html
Linked to from the schedule page...
Been there. Want to get folks' opinions, and also more detail
than is likely to appear on th epage.
--Brett
___
At 09:39 AM 4/18/2005, Steve Ames wrote:
Nothing stops someone other than the normal RE team from rolling something
release-esque (like a 4.X snapshot) and requesting that it be made available
for download on the FreeBSD sites or rolling your own release for
internal use.
Perhaps. But
At 10:00 AM 4/18/2005, Steve Ames wrote:
Perhaps. But then, all of the software that recognizes official releases
and does things like download ports, etc. won't work.
It would recognize it as 4.11.
Actually, it tends not to recognize it at all. If the string doesn't
say 4.11-RELEASE, the
At 11:20 AM 4/18/2005, Steve Ames wrote:
Ah. Packages and /stand/sysinstall. Yeah. I haven't installed a package from
sysinstall in YEARS so I probably wouldn't have noticed that. Getting
security updates for packages using sysinstall is a total lose. cvsup and
portupgrade are my tools of
At 11:24 AM 4/18/2005, Colin Percival wrote:
I usually choose to allow users to shoot their own feet if they want, but
since I wrote FreeBSD Update primarily for the benefit of less experienced
FreeBSD users I decided that some anti-foot-shooting mechanisms were a
good idea.
I understand.
) be in 5.4?
--Brett Glass
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
It's the C language. While it's claimed to be portable, it really doesn't
address integer size and endianism well enough.
Oddly enough, even FORTRAN did a better job. You could declare a variable
to be INTEGER*4 and that would be that, regardless of architecture.
Which ports were causing you
to the many difficulties that this can cause.
--Brett Glass
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
At 06:14 PM 12/19/2004, Colin Percival wrote:
No, but quite a few people would like to see a 5.4 minor release
sometime around, say, late February or early March.
That would work too. It's a slightly shorter than usual time between point
releases, but then, a lot of progress is being made
else besides me like to see a 5.3.1 minor release
sometime around, say, February?
--Brett Glass
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]
At 09:13 PM 12/4/2003, Igor Pokrovsky wrote:
I've seen the same message about softupdates, but it appeared after unexpected
power problems, when computer turned off without syncs and umounts.
In this case, it occurred after a crash... which likewise occurred
without a sync or umount. The machine
Glass
At 09:54 AM 9/27/2003, Murray Stokely wrote:
On Wed, Sep 24, 2003 at 08:35:55PM -0600, Brett Glass wrote:
I'm waiting for the release of 4.9 to do some system upgrades (I've
patched the machines in the meantime, but really need to do fresh
installs.) How stable and polished
Any chance of slipping in a fix for the GNU tar malicious archive bug
before 4.7 ships?
--Brett Glass
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-stable in the body of the message
?
--Brett Glass
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-stable in the body of the message
Thank you for pointing this out! It may indeed be what's wedging
Apache 2.x.
I may still downgrade to 1.3.26, though. The process size is
smaller, and the only truly major difference between 1.3.x and
2.x is the new threading model, which FreeBSD can't use because
pthreads are still a kludge.
At 03:01 PM 1/6/2002, Arthur W. Neilson III wrote:
recently we setup msyslog-1.08a on a number of freebsd and solaris
based boxes, syslogging to a mysql backend.
I'd be concerned about the overhead of a full-fledged SQL database
Seems like overkill to me.
Also, I believe that msyslog
At 05:10 PM 1/6/2002, Arthur W. Neilson III wrote:
msyslog is pretty cool, it's modular and has a bunch of different input
modules for tcp, udp, streams and unix domain sockets also output
modules for mysql, postgres, peo (hash protection) and regex. it is worth exploring
and actually is BSD
At 02:38 PM 1/5/2002, Jordan Hubbard wrote:
Of course, collecting log data for analysis from syslog is pretty
low-tech when it comes to detecting and/or stopping attacks in
real-time and I'd hope this wouldn't be encouraged as a general
practice.
I can't see any reason not to use syslogd, or
In
http://www.freebsd.org/cgi/query-pr.cgi?pr=26299
I've proposed changes to the Makefile in /etc/mail that I think makes it
easier to reconfigure sendmail.
Right now, to change sendmail.cf, one edits "freebsd.mc" and rebuild
sendmail.cf from it (unless one has changed /etc/make.conf, which
Hmmm. I haven't started at the stack to see if this is feasible,
but can't the code that implements IPFW's "established" keyword
be used to discard the ACK if it isn't associated with an
active session?
--Brett
At 05:34 PM 1/20/2000 , Warner Losh wrote:
It is a remote exploit.
Warner
To
That means that the code path that validates the ACK in the kernel
must be long. Long enough so that you can hose the CPU over, say,
a T1. How does one short-circuit this?
--Brett
At 05:34 PM 1/20/2000 , Warner Losh wrote:
It is a remote exploit.
Warner
To Unsubscribe: send mail to
Darren:
Glad to see you are in on this discussion.
The code you use for the "keep state" option in IPFilters might be
able to recognize that the ACK does not belong to an existing
connection. Could a fast check be implemented as a rule under
IPFilters? (If it could, it's probably a one-liner,
Oops I've answered my own question. IPFW's "established" keyword
only checks the RST or ACK bits; it can't tell if a session is
REALLY established or not. Only a firewall that can save state
(such as IPFilters), or the kernel itself, can do this.
It'd be neat if we could use IPFilters to do
At 06:03 PM 1/20/2000 , Darren Reed wrote:
If you're using "flags S keep state" or "flags S/SA keep state",
then as far as I'm aware, having read the code, you are safe.
This might be a workaround. What rule(s) would have to follow it
to block the ACK?
I'm intrigued to know what the bug is.
98 matches
Mail list logo
