Re: The NPF firewall leaks! (was Re: in_cksum: out of data)

To: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Subject: Re: The NPF firewall leaks! (was Re: in_cksum: out of data)
From: Tom Ivar Helbekkmo <tih%hamartun.priv.no@localhost>
Date: Fri, 09 Dec 2016 10:51:28 +0100

Mindaugas Rasiukevicius <rmind%netbsd.org@localhost> writes:

> I agree that this is not really intuitive and the documentation did
> not clarify this either.

Yes, the documentation should be changed to state that when you
explicitly specify tcp and stateful, you get the s/safr set.  Most
importantly, the examples (npf.conf(5)  and /usr/share/examples/npf)
should be corrected so they show the safest way to set things up.

I must say, NPF is a joy to use.  Even more sysadmin-friendly than PF.

-tih
-- 
I like long walks, especially when they are taken by people who annoy me.

References:
- in_cksum: out of data
  - From: Tom Ivar Helbekkmo
- Re: in_cksum: out of data
  - From: Tom Ivar Helbekkmo
- Re: in_cksum: out of data
  - From: Tom Ivar Helbekkmo
- Re: in_cksum: out of data
  - From: Christos Zoulas
- Re: in_cksum: out of data
  - From: Tom Ivar Helbekkmo
- Re: in_cksum: out of data
  - From: Tom Ivar Helbekkmo
- The NPF firewall leaks! (was Re: in_cksum: out of data)
  - From: Tom Ivar Helbekkmo
- Re: The NPF firewall leaks! (was Re: in_cksum: out of data)
  - From: Mindaugas Rasiukevicius

Prev by Date: Re: Automated report: NetBSD-current/i386 build failure
Next by Date: Automated report: NetBSD-current/i386 build success
Previous by Thread: Re: The NPF firewall leaks! (was Re: in_cksum: out of data)
Next by Thread: -current Kernel crash with new openssh's sshd on cobalt qube2
Indexes:

Home | Main Index | Thread Index | Old Index