I have a Dell PE1650 server with dual on-board Intel 82544 NICs which is
intended to be an external firewall using options BRIDGE, IPFIREWALL,
etc.
Packets are not being passed from em0 to em1. I have tried 4.7-Release
(em driver 1.3.4), 4.8-Release (em driver 1.4.10) and the current 1.5.31
em dr
>
> If your firewall needs to perform *any* DNS queries, what happens if the DNS
> server(s) are down or unreachable when the firewall tries to restart? Does it
> fail in a way that you are happy with?
>
That's another defect in ipfw client utility, it stops processing rules if
it fails to look
Problem:
if_dc driver fails to read MAC address from AN983B (on-board ethernet on
MSI motherboard in this case). Not only does it get the wrong value of
MAC address, but it permanently trashes the EEPROM contents, so that it
is necessary to use the manufacturer's utility to re-set the MA
I'm forwarding this here in case anyone wants to take a look.
- Forwarded message from "Giovanni P. Tirloni" <[EMAIL PROTECTED]> -
Date: Sun, 1 Jun 2003 04:12:55 -0300
From: "Giovanni P. Tirloni" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
User-Agent: Mutt/1.5.3i
Subject: Very weird networ
Petri Helenius wrote:
[ ...using DNS in firewall rules... ]
I know that, I control the domains and additionally they are for non-critical
resources like NTP access.
OK: it's good to keep your firewall clocks synchronized.
External NTP servers are best accessed by name, agreed.
So run a NTP server on
>
> You are strongly advised to use IP addresses instead of hostnames in firewall
> rulesets, to avoid DNS spoofing attacks subverting your firewall. Ideally, your
> firewall should function without depending on any external network resources.
>
I know that, I control the domains and additiona
Petri Helenius wrote:
How do I compile/load ipfw kld so that it has "default to accept" which seems to be
required to allow hostnames to be used in firewall configuration loaded at boot time.
You are strongly advised to use IP addresses instead of hostnames in firewall
rulesets, to avoid DNS spoof