Current-Users archive


Re: npf bug(?)



On Apr 2, 11:16am, 6bone%6bone.informatik.uni-leipzig.de@localhost (6bone%6bone.informatik.uni-leipzig.de@localhost) wrote:
-- Subject: Re: npf bug(?)

| On Fri, 31 Mar 2017, Christos Zoulas wrote:
| 
| > I would add some rules to block the ipv4 traffic, except when it comes from
| > your 'known hosts' to your 'known interfaces and ports'.
| >
| 
| The DNS and the 6to4 service are offered for free usage. There are no 
| restrictions on certain IP networks. I guess the reassembling in such
| cases is problematic. That's why I would like to switch it off. There are
| also no firewall rules for IPv4.

I am trying to understand the use case here:
1. you want to have V4 DNS and 6to4 service that can generate V4 fragments
2. you want V4 fragments dropped.
3. you can't put V4 rules in your firewall to restrict traffic to only
   those services.

Is that correct?

christos

