Bugtraq mailing list archives
Linux 2.1.x Firewalling code broked
From: darrenr () REED WATTLE ID AU (Darren Reed)
Date: Sat, 16 May 1998 01:11:17 +1000
----- Forwarded message from Bob Tracy - TDS -----

Subject: Linux 2.1.X ENskip fixed!
Date: Fri, 15 May 1998 09:07:39 -0500 (CDT)
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
Precedence: bulk

(Gee, is this list dead or what? My earlier announcement of the Linux 2.1.X ENskip botch elicited exactly ZERO comments in this forum and in private e-mail.)

It took a few days, but I found the problem. It turns out that the IP firewall code in Linux 2.1.X has been broken for a long time, probably since early in the 2.1.X networking development cycle. Specifically, not all the paths between the IPv4 layer and the physical layer are covered by the firewall code, and in particular, the path taken by a SYN_ACK packet (ip_build_and_send_pkt()) is not covered.

An official patch will probably appear in the 2.1.103 kernel: I discovered the problem too late for inclusion in 2.1.102.

Attached please find a revised ENskip kernel patch for Linux 2.1.101 that includes a fix for the firewall code.

--