From owner-FreeBSD-net-jp@jp.freebsd.org  Thu Jun 21 21:12:07 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id VAA13666;
	Thu, 21 Jun 2001 21:12:07 +0900 (JST)
	(envelope-from owner-FreeBSD-net-jp@jp.FreeBSD.org)
Received: from leo.ec.t.kanazawa-u.ac.jp (root@leo.ec.t.kanazawa-u.ac.jp [133.28.119.41])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id VAA13661
	for <FreeBSD-net-jp@jp.freebsd.org>; Thu, 21 Jun 2001 21:12:06 +0900 (JST)
	(envelope-from hirano@t.kanazawa-u.ac.jp)
Received: from localhost (hirano@pisces.ec.t.kanazawa-u.ac.jp [133.28.119.45])
	by leo.ec.t.kanazawa-u.ac.jp (8.9.3/3.7W) with ESMTP id VAA28905
	for <FreeBSD-net-jp@jp.freebsd.org>; Thu, 21 Jun 2001 21:12:06 +0900 (JST)
To: FreeBSD-net-jp@jp.freebsd.org
In-Reply-To: <20010621201046.36E4.SHIMIZU@syscon.co.jp>
References: <20010621201046.36E4.SHIMIZU@syscon.co.jp>
X-Mailer: Mew version 1.94.1 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <20010621211204J.hirano@t.kanazawa-u.ac.jp>
Date: Thu, 21 Jun 2001 21:12:04 +0900
From: Akihiro HIRANO <hirano@t.kanazawa-u.ac.jp>
X-Dispatcher: imput version 20000228(IM140)
Lines: 17
Reply-To: FreeBSD-net-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: FreeBSD-net-jp 3168
Subject: [FreeBSD-net-jp 3168] Re: ipfw =?ISO-2022-JP?B?GyRCJEcbKEI=?=
 =?ISO-2022-JP?B?GyRCSDQkMSRGJDckXiQmJVElMSVDJUgkLCQiJGsbKEI=?= 
Errors-To: owner-FreeBSD-net-jp@jp.freebsd.org
Sender: owner-FreeBSD-net-jp@jp.freebsd.org
X-Originator: hirano@t.kanazawa-u.ac.jp

> FreeBSD 2.2.8$B>e$G(Bipfw$B$r;HMQ$7$F(BFireWall$B$r9=C[$7$F$$$^$9!#(B
> NAT$B$K4X$7$F$O(BINSrouter$B$G9T$C$F$$$k$N$G!"%Q%1%C%H%U%#%k%?%j%s%0$N$_9T$C$F(B
> $B$$$^$9!#(B
> $B:rF|$N%m%0$r%A%'%C%/$7$?$H$3$m(BFirewall(fw01)$B$G%V%m%C%/$7$F$$$k$K$b$+$+$o(B
> $B$i$:!"(Bhoge2(RedHat7.0$B$,F0:n(B)$B$KH4$1$F$$$k%Q%1%C%H$,$"$k$N$rH/8+$7$^$7$?!#(B

$B!!$b$7!V(Ballow tcp from any to any established$B!W$N$h$&$J%(%s%H%j$,$"$C(B
$B$F!"$+$D!"%Q%C%A$rEv$F$F$$$J$$$H$7$?$i!"2<5-$N2DG=@-$O$J$$$G$7$g$&$+!)(B

$B!t(B2.2.x$BMQ$N@5<0$J%Q%C%A$O$J$$$G$9$,!"$A$g$C$H<j$rF~$l$?$iEv$?$k$O$:!D(B

<URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:08.ipfw.asc>
FreeBSD-SA-01:08
ipfw/ip6fw allows bypassing of 'established' keyword
----
$BJ?Ln989((B@$B6bBtBg3X9)3XIt(B $B>pJs%7%9%F%`9)3X2J(B ($B5l(B $BEE5$!&>pJs9)3X2J(B)
hirano@t.kanazawa-u.ac.jp
