Re: kern/53962: npf: weird 'stateful' behavior

To: tech-net%netbsd.org@localhost
Subject: Re: kern/53962: npf: weird 'stateful' behavior
From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Date: Sun, 17 Feb 2019 13:52:25 +0100

On Sun, Feb 17, 2019 at 12:54:15PM +0100, Edgar Fuß wrote:
> A Timo knows, I'm running NetBSD in production.
> 
> I run a "one VLAN per IP range" (minus external, of course) policy.
> 
> I'm using packet filtering (currently ipf on 6.1) both on individual servers 
> (anti-spoofing, access restriction to certain deamon ports) and on the gateway 
> (the only machine with IP forwarding enabled) to restrict inter-network 
> traffic. From the ipf bugs I run into, I conclude I'm the only person on 
> the planet doing this.

No, I'm doing it too, but maybe with a different set of rules than you.
I don't use statefull filtering for TCP, for example.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--

References:
- Re: kern/53962: npf: weird 'stateful' behavior
  - From: fstd . lkml
- Re: kern/53962: npf: weird 'stateful' behavior
  - From: Mindaugas Rasiukevicius
- Re: kern/53962: npf: weird 'stateful' behavior
  - From: Edgar Fuß

Prev by Date: Re: kern/53962: npf: weird 'stateful' behavior
Next by Date: Re: kern/53962: npf: weird 'stateful' behavior
Previous by Thread: Re: kern/53962: npf: weird 'stateful' behavior
Next by Thread: Re: kern/53962: npf: weird 'stateful' behavior
Indexes:

Home | Main Index | Thread Index | Old Index