diff options
| author | ru <ru@FreeBSD.org> | 1999-11-04 10:13:59 +0000 |
|---|---|---|
| committer | ru <ru@FreeBSD.org> | 1999-11-04 10:13:59 +0000 |
| commit | 28b2aeb2ae324b280112999b348ee77bbd372bae (patch) | |
| tree | a7b6da3c69331b702e8512749162c7ac17297b35 /etc/rc.firewall | |
| parent | 607d5ec791049de55faefef4cf0329834f7630b2 (diff) | |
| download | FreeBSD-src-28b2aeb2ae324b280112999b348ee77bbd372bae.zip FreeBSD-src-28b2aeb2ae324b280112999b348ee77bbd372bae.tar.gz | |
Pass IP fragments with non-zero offset. The semantics of matching
IP fragments has been changed in src/sys/netinet/ip_fw.c,v 1.78.
Reminded by: "Ronald F. Guilmette" <rfg@monkeys.com>
Diffstat (limited to 'etc/rc.firewall')
| -rw-r--r-- | etc/rc.firewall | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/etc/rc.firewall b/etc/rc.firewall index 0dd5ae6..24e4943 100644 --- a/etc/rc.firewall +++ b/etc/rc.firewall @@ -121,6 +121,9 @@ case ${firewall_type} in # Allow TCP through if setup succeeded ${fwcmd} add pass tcp from any to any established + # Allow IP fragments to pass through + ${fwcmd} add pass all from any to any frag + # Allow setup of incoming email ${fwcmd} add pass tcp from any to ${ip} 25 setup @@ -178,6 +181,9 @@ case ${firewall_type} in # Allow TCP through if setup succeeded ${fwcmd} add pass tcp from any to any established + # Allow IP fragments to pass through + ${fwcmd} add pass all from any to any frag + # Allow setup of incoming email ${fwcmd} add pass tcp from any to ${oip} 25 setup |
