From owner-FreeBSD-users-jp@jp.freebsd.org  Mon Apr  9 16:59:37 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id QAA10119;
	Mon, 9 Apr 2001 16:59:37 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from tac.tsukuba.ac.jp (bsd2.tac.tsukuba.ac.jp [130.158.192.79])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id QAA10114
	for <FreeBSD-users-jp@jp.freebsd.org>; Mon, 9 Apr 2001 16:59:36 +0900 (JST)
	(envelope-from hiromi@tac.tsukuba.ac.jp)
Received: (qmail 38000 invoked from network); 9 Apr 2001 16:59:36 +0900
Received: from p166.tac.tsukuba.ac.jp (HELO localhost) (130.158.192.54)
  by bsd2.tac.tsukuba.ac.jp with SMTP; 9 Apr 2001 16:59:36 +0900
To: FreeBSD-users-jp@jp.freebsd.org, kjm@rins.ryukoku.ac.jp
In-Reply-To: <3153.986792194@ideon.st.ryukoku.ac.jp>
References: <20010407.111019.00489987.ktg@aurora.ocn.ne.jp>
	<3153.986792194@ideon.st.ryukoku.ac.jp>
X-Mailer: Mew version 1.94.2 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <20010409165936F.hiromi@tac.tsukuba.ac.jp>
Date: Mon, 09 Apr 2001 16:59:36 +0900
From: Hiromi Kimura <hiromi@tac.tsukuba.ac.jp>
X-Dispatcher: imput version 20000228(IM140)
Lines: 43
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: FreeBSD-users-jp 60686
Subject: [FreeBSD-users-jp 60686] Re: a serious bug in IPFilter
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: hiromi@tac.tsukuba.ac.jp

BugTraq $B$N(B
 http://www.securityfocus.com/archive/1/174913
$B$K>\$7$$@bL@$,$"$j$^$9!#(B

$B$=$l$K$h$k$H!"30It$+$i$N%"%/%;%9$r5v$9%]!<%H$,#1$D$G$b$"$l$P!"(B
$B%Q%1%C%H$rCGJR2=$9$k$3$H$K$h$C$F!"G$0U$N%]!<%H$X%"%/%;%9$G$-$F$7$^$&(B
$B$h$&$G$9!#(B
$B%k!<%k$,(B keep state $B$+$I$&$+$O4X78$J$$$h$&$G$9!#(B

In <<3153.986792194@ideon.st.ryukoku.ac.jp>>
 <KOJIMA Hajime / 小島肇 <kjm@rins.ryukoku.ac.jp>> writes
> * This is a problem when keep state keep frags is used in
>   /etc/ipf.rules. With keep state alone it is not a problem.

To me, it read as "to reproduce this bug on the new version, specify
keep state keep frags".


>   If you want to replace ip filter with the latest version on 4.2-RELEASE
>   and the like, what would be the smart way to do it...?

It is not very smart, but on a test machine the following procedure was OK.

1. Extract ip-fil3.4.17.tar.gz in a suitable directory

2. # make freebsd4

3. # make install-bsd
	Commands such as /sbin/ipf get installed
	A kernel module called ipf.ko also gets installed, so delete it
		# rm /modules/ipf.ko

4. # cp ip_* fil.c ipl.h mlfk* /sys/netinet/

5. # cd /sys/modules/ipfilter
   # make depend && make && make install
	ipl.ko $B$,(B install $B$5$;$k(B

6. If it is built into the kernel, rebuild the kernel

-=-=-=-=-
$BLZB<GnH~(B  $BC^GHBg3X(B $B2CB.4o%;%s%?!<(B http://www.tac.tsukuba.ac.jp/~hiromi/
PGP Fingerprint16 = 2A 27 2E 46 9E 75 4E 3D  E3 FD 5A DC 2A AA 3A 2E
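
An added example, not part of the original message: because the procedure above installs the userland tools and the kernel module in separate steps, this sketch checks that both report the same IP Filter version after the upgrade. The `ipf -V` output layout, the sample text and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed samples of `ipf -V` output (layout assumed, not taken from the message).
SAMPLE_OK='ipf: IP Filter: v3.4.17 (264)
Kernel: IP Filter: v3.4.17
Running: yes'
# Userland was upgraded but the old kernel module is still loaded.
SAMPLE_MISMATCH='ipf: IP Filter: v3.4.17 (264)
Kernel: IP Filter: v3.4.16
Running: yes'

# extract_version PREFIX: print the version from the line starting with PREFIX.
extract_version() {
    sed -n "s/^$1: IP Filter: v\([0-9][0-9.]*\).*/\1/p" | head -n 1
}

# version_ge A B: succeed if dotted version A is numerically >= B.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# check_ipf_versions MIN: read `ipf -V` text on stdin.
# Returns 0 = consistent and >= MIN, 1 = userland/kernel mismatch,
# 2 = older than MIN, 3 = output not understood.
check_ipf_versions() {
    min=$1
    out=$(cat)
    user=$(printf '%s\n' "$out" | extract_version ipf)
    kern=$(printf '%s\n' "$out" | extract_version Kernel)
    if [ -z "$user" ] || [ -z "$kern" ]; then echo "cannot parse input"; return 3; fi
    if [ "$user" != "$kern" ]; then
        echo "MISMATCH userland=$user kernel=$kern"; return 1
    fi
    if ! version_ge "$kern" "$min"; then echo "OLD $kern < $min"; return 2; fi
    echo "OK $kern"
}

# Demo on the constructed samples; on a real host: ipf -V | check_ipf_versions 3.4.17
printf '%s\n' "$SAMPLE_OK" | check_ipf_versions 3.4.17 || true
printf '%s\n' "$SAMPLE_MISMATCH" | check_ipf_versions 3.4.17 || true
```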
