Re: Linux +ipchains+ ping -R

[scott () ACRID SCHEMATIX NET (Scott)]

About 2 weeks ago someone made me aware of a similar bug in FreeBSD
with natd/ipfw. I tested it on my own computer (FreeBSD 3.2-STABLE) and
the result was an immediate result reboot without any logging.

This firewall rule fixes the problem on my FreeBSD box. Adjust it
accordingly for the logging options, etc. Make sure its the 1st rule
listed.

deny log ip from any to any ipopt rr

-Scott

On Thu, 22 Jul 1999, Andrej Todosic wrote:

> Hello ,
>
> i am not quite sure if this has been discussed or if htere is a fix already
> but i d still like to mention it.
>
> linux firewall setup 2.2.5 or 2.2.10 and ipchains + Nat + advanced router
>
>
> if you are less than nine hops away from it ping -R and ( assuming the fw
> lets the packets go through ) you get a kernel panic .
>
>
> You cant go wrong . i tried it on more than one firewall and more than one
> kernel.
>
>
> PS if you are testing it do make sure you are not going through the fw for a
> connection ( which how i screwed myself up and left the ping -R in the
> background )
>
>
>
>
> Andrej