Firewall Wizards mailing list archives

Re: Altavista Firewall98 SP3 broken on DU40D

From: "Marcus J. Ranum" <mjr () nfr net>
Date: Wed, 15 Dec 1999 19:51:42 -0500

  ioctl (SIOCSREENON): Operation not supported on socket
  Cannot set Screen Mode ON

This means that after aplying this service pack the machine no longer does
screening (packet filtering) and might even be acting as a router now since
the forwarding on the firewall is (and should be?) on. This is fatal for
security afcourse!



Sounds like the patch install removed the kernel config for the
screen device. You need to make sure that it's turned back on
in the kernel, then rebuild and reinstall the kernel.

mjr.

--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr

Current thread:

Altavista Firewall98 SP3 broken on DU40D Van Bemmel, Berend (Dec 15)
- NetWinder ToxicMarie (Dec 21)
- <Possible follow-ups>
- RE: Altavista Firewall98 SP3 broken on DU40D Carl Friedberg (Dec 17)
- Re: Altavista Firewall98 SP3 broken on DU40D Marcus J. Ranum (Dec 17)
  - Re: Altavista Firewall98 SP3 broken on DU40D Marcus J. Ranum (Dec 17)
- Re: Altavista Firewall98 SP3 broken on DU40D Bruce B. Platt (Dec 17)
- RE: Altavista Firewall98 SP3 broken on DU40D Munroe, Peg (Dec 17)
- RE: Altavista Firewall98 SP3 broken on DU40D Van Bemmel, Berend (Dec 21)