22.04.2020 6:55, Ed Maste wrote:
> On Tue, 21 Apr 2020 at 18:50, Eugene Grosbein <eu...@grosbein.net> wrote:
>>
>>> I believe this is correct; what about this statement:
>>>
>>> No workaround is available. Systems not using the ipfw firewall, and
>>> systems that use the ipfw firewall but without any rules using "tcpoptions"
>>> or "tcpmss" keywords, are not affected.
>>
>> Isn't removing rules with "tcpoptions/tcpmss" considered as work-around?
>>
>> Such rules may be replaced with "ipfw netgraph" rules and processing TCP options
>> with NETGRAPH node ng_bpf(4). Seems as work-around to me.
>
> Fair enough, although I don't want to provide that as an official
> suggestion in the advisory without testing and understanding the
> caveats, so probably just removing the "No workaround is available."
>
> So perhaps:
> Systems not using the ipfw firewall, and systems that use the ipfw firewall
> but with no rules using "tcpoptions" or "tcpmss" keywords, are not affected.

I like it.

_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"