On 9/17/10 7:04 AM, Mr Dash Four wrote:
>
>>> Bugger! I can see a potential for some really nasty stuff coming from
>>> this. Is there absolutely no chance that the blacklist processing could
>>> be moved forward, somehow?
>>>
>>
>> I don't think that the consequences could be that dire (a blacklisted
>> host could renew its DHCP lease is the only hole I can see), but it is
>> not horribly difficult to remove this restriction.
>>
> If there is 'processing' before 'checking' this could potentially be
> exploited (DoS and DDoS attacks is what I am thinking of). If you could,
> somehow, manage to put 'checking' before 'processing' that would be
> ideal, but if you can't you need to clearly explain this (in a note
> possibly) in one of the man pages so that everybody is clear what is
> happening.
>

Please see my later email.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA      \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
