Re: remote host accepts loose source routed IP packets

2014-10-05 Thread Adrian Chadd
Hi, I'm just going off what I saw in the code. Maybe the code changed and the bug was introduced. I suggest: (a) use ipfw to filter them for now; and (b) file a PR (https://bugs.freebsd.org/submit/) so it's not forgotten. Thanks! -a

Re: remote host accepts loose source routed IP packets

2014-10-05 Thread el kalin
On Sun, Oct 5, 2014 at 6:24 PM, Brandon Vincent wrote: > On Sun, Oct 5, 2014 at 2:39 PM, Adrian Chadd wrote: > > All accept_sourceroute does is prevent the stack from forwarding > > source routed packets. If it's destined locally then it's still > > accepted. > > Out of curiosity, isn't "net.ine

Re: HEADS UP: Merging projects/ipfw to HEAD

2014-10-05 Thread Marcelo Araujo
Hey Alexander, Very nice work, thank you so much for bringing this stuff to us. Best Regards, 2014-10-04 20:35 GMT+08:00 Alexander V. Chernikov : > Hi, > > I'm going to merge projects/ipfw branch to HEAD in the middle of next week. > > What has changed: > > Main user-visible changes are related to

Re: FreeBSD 10.1-RC1 Now Available --- lagg disables network inside jails

2014-10-05 Thread Erich Dollansky
Hi, On Sun, 5 Oct 2014 11:38:47 -0500 Scot Hetzel wrote: > On Sun, Oct 5, 2014 at 7:34 AM, Erich Dollansky > wrote: > > On Sat, 4 Oct 2014 21:32:47 -0400 > > Glen Barber wrote: > > > >> The first RC build of the 10.1-RELEASE release cycle is now > >> available > > > > I installed this shortly

Re: remote host accepts loose source routed IP packets

2014-10-05 Thread Brandon Vincent
On Sun, Oct 5, 2014 at 2:39 PM, Adrian Chadd wrote: > All accept_sourceroute does is prevent the stack from forwarding > source routed packets. If it's destined locally then it's still > accepted. Out of curiosity, isn't "net.inet.ip.accept_sourceroute" supposed to reject incoming source routed p

Re: remote host accepts loose source routed IP packets

2014-10-05 Thread Adrian Chadd
Hi, Can you please get a packet capture of what it's sending and what it's receiving? All accept_sourceroute does is prevent the stack from forwarding source routed packets. If it's destined locally then it's still accepted. You could try crafting an ipfw rule to filter out packets with these op

Problem reports for freebsd-net@FreeBSD.org that need special attention

2014-10-05 Thread bugzilla-noreply
To view an individual PR, use: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id). The following is a listing of current problems submitted by FreeBSD users, which need special attention. These represent problem reports covering all versions including experimental development code and ob

[patch] ipv6 prefix lifetime is not updated when address is updated through SIOCAIFADDR_IN6

2014-10-05 Thread Guy Yur
Hi, I am running dhcpcd 6.4.3 on 11.0-CURRENT r271879M to get an ipv6 prefix from my ISP. The prefix is received with a lifetime of 86400 seconds. dhcpcd adds an address using the prefix with pltime and vltime of 86400. Before the address expires dhcpcd refreshes it but the interface route for the

Re: remote host accepts loose source routed IP packets

2014-10-05 Thread el kalin
hmmm… could it be openvas?! just installed netbsd 6.1.4 ami i found on the aws community amis list… same thing.. just the possibility of both openvas and the hackerguardian service being both wrong is a bit too much of a coincidence for me… any thoughts? On Sun, Oct 5, 2014 at 3:21 PM, el

Re: remote host accepts loose source routed IP packets

2014-10-05 Thread el kalin
ok.. this is getting a bit ridiculous… just did a brand new install of the freebsd 9.3 ami on amazon… with nothing installed on it and only ssh open i get the same result when scanning with openvas: "Summary: The remote host accepts loose source routed IP packets. The feature was designed for

Re: remote host accepts loose source routed IP packets

2014-10-05 Thread el kalin
thanks brandon… but that didn't help…. i still get the same result… i guess i'd report this as a bug… On Sun, Oct 5, 2014 at 11:58 AM, Brandon Vincent wrote: > On Sun, Oct 5, 2014 at 8:33 AM, el kalin wrote: > > should i submit this as a bug? > > Can you first try adding "set block-policy

Re: FreeBSD 10.1-RC1 Now Available --- lagg disables network inside jails

2014-10-05 Thread Scot Hetzel
On Sun, Oct 5, 2014 at 7:34 AM, Erich Dollansky wrote: > Hi, > > On Sat, 4 Oct 2014 21:32:47 -0400 > Glen Barber wrote: > >> The first RC build of the 10.1-RELEASE release cycle is now available > > I installed this shortly after your e-mai

Re: remote host accepts loose source routed IP packets

2014-10-05 Thread Brandon Vincent
On Sun, Oct 5, 2014 at 8:33 AM, el kalin wrote: > should i submit this as a bug? Can you first try adding "set block-policy return" to pf.conf? OpenVAS might be assuming that a lack of response from your system to source routed packets is an acknowledgement that it is accepting them. Brandon Vi

Re: remote host accepts loose source routed IP packets

2014-10-05 Thread el kalin
should i submit this as a bug? On Sun, Oct 5, 2014 at 2:04 AM, el kalin wrote: > hi again… i have disabled the icmp pings… same result... > > currently: > > /etc/pf.conf: > > tcp_in = "{ www, https }" > udp = "{ domain, ntp, snmp }" > ping = "echoreq" > > set skip on lo > scrub in > antispo

Re: HEADS UP: Merging projects/ipfw to HEAD

2014-10-05 Thread bycn82
On 10/4/14 20:35, Alexander V. Chernikov wrote: Hi, I'm going to merge projects/ipfw branch to HEAD in the middle of next week. What has changed: Main user-visible changes are related to tables: * Tables are now identified by names, not numbers. There can be up to 65k tables with up to 63-

Re: FreeBSD 10.1-RC1 Now Available --- lagg disables network inside jails

2014-10-05 Thread Erich Dollansky
Hi, On Sat, 4 Oct 2014 21:32:47 -0400 Glen Barber wrote: > The first RC build of the 10.1-RELEASE release cycle is now available I installed this shortly after your e-mail came. The result was the same as with BETA3. If you remember, I have

Re: HEADS UP: Merging projects/ipfw to HEAD

2014-10-05 Thread Alexander V. Chernikov
On 04.10.2014 18:00, Marcelo Gondim wrote: Excellent work! :) I really enjoyed the news. This new ipfw come with FreeBSD 10.1 release? Unfortunately, no. The plan is to commit it to HEAD and merge to 9/ and 10/ after 1 month. Cheers, Gondim On 04/10/2014 09:35, Alexander V. Chernikov wrote:

Re: [PATCH] Only lock send buffer in sopoll() if needed

2014-10-05 Thread Robert N. M. Watson
I'm not convinced that the race with SBS_CANTSENDMORE is OK, even though I really want to write that it is. The risk here is that we miss an asynchronous disconnect event, and that the thread then blocks even though an event is pending, which is a nasty turn of events. We might want to dig about