From owner-doc-jp@jp.freebsd.org  Wed Aug 22 14:41:07 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id OAA34633;
	Wed, 22 Aug 2001 14:41:07 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from TYO201.gate.nec.co.jp (TYO201.gate.nec.co.jp [202.32.8.214])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id OAA34626;
	Wed, 22 Aug 2001 14:41:04 +0900 (JST)
	(envelope-from y-koga@jp.FreeBSD.org)
Received: from mailgate4.nec.co.jp ([10.7.69.197])
	by TYO201.gate.nec.co.jp (8.11.3/3.7W01080315) with ESMTP id f7M5eRs02965;
	Wed, 22 Aug 2001 14:40:28 +0900 (JST)
Received: from mailsv.nec.co.jp (mailgate51.nec.co.jp [10.7.69.190]) by mailgate4.nec.co.jp (8.11.3/3.7W-MAILGATE-NEC) with ESMTP
	id f7M5eRa14307; Wed, 22 Aug 2001 14:40:27 +0900 (JST)
Received: from necspl.do.mms.mt.nec.co.jp (necspl.do.mms.mt.nec.co.jp [10.16.5.21]) by mailsv.nec.co.jp (8.11.3/3.7W-MAILSV-NEC) with ESMTP
	id f7M5eQ813115; Wed, 22 Aug 2001 14:40:26 +0900 (JST)
Received: from localhost (localhost [127.0.0.1])
	by  necspl.do.mms.mt.nec.co.jp (8.11.6/8.11.6) with ESMTP id f7M5eQK40812;
	Wed, 22 Aug 2001 14:40:26 +0900 (JST)
Date: Wed, 22 Aug 2001 14:40:26 +0900 (JST)
Message-Id: <20010822.144026.102551873.y-koga@jp.FreeBSD.org>
To: doc-jp@jp.FreeBSD.org
From: Koga Youichirou <y-koga@jp.freebsd.org>
In-Reply-To: <20010819.005133.23005040.hrs@eos.ocn.ne.jp>
References: <20010818.075729.74731664.hrs@eos.ocn.ne.jp>
	<20010818.162530.74756849.rushani@bl.mmtr.or.jp>
	<20010819.005133.23005040.hrs@eos.ocn.ne.jp>
X-Mailer: Mew version 2.0.50 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: doc-jp 8360
Subject: [doc-jp 8360] Re: FreeBSD Security Advisory
 FreeBSD-SA-01:53.ipfw
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: y-koga@jp.freebsd.org

Hiroki Sato <hrs@eos.ocn.ne.jp>:
>  $B%X%C%@$r(B announce-jp $B$N$b$N$KJQ99$7$F!"$4;XE&ItJ,$r(B
>  $B$A$HJQ$($F$_$^$7$?!#(B

>  $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
>  $B=$@5%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
>  $B%A%'%C%/$r9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

$B:#$5$i$+$b$7$l$J$$$1$I!"(B
$B2~cb"*2~$6$s(B
$B$K$7$?$$$J$!(B ($B!VD+F|?7J9$NMQ8l$N<j0z!W(B)$B!#(B

> --($B$3$3$+$i(B)
> =============================================================================
> FreeBSD-SA-01:53                                           Security Advisory
>                                                                 FreeBSD, Inc.
> 
> $B%H%T%C%/(B:	ipfw `me' on P2P interfaces matches remote address
- snip -
> I.   $BGX7J(B - Background
> 
> ipfw is a system facility which allows IP packet filtering,
> redirecting, and traffic accounting.
> ipfw $B$O(B IP $B%Q%1%C%H$N%U%#%k%?$d%j%@%$%l%/%H(B, $B%H%i%U%#%C%/2]6b$r(B
> $B9T$J$&%7%9%F%`5!G=$N0l$D$G$9(B.

$B2]6b$O9T$J$o$J$$$G$9(B :)

accounting $B$H$$$&8l$,9-$/MQ$$$i$l$F$$$k$N$OB?J,$K@N$NL>;D$j$@$H;W$C$F(B
$B$$$^$9!#!V%"%+%&%s%F%#%s%0!W$G$$$$$s$8$c$J$$$+$J!)(B acct, pacct $B$"$?$j(B
$B$G$O!V%W%m%;%9%"%+%&%s%F%#%s%0!W$H5-=R$9$k$N$r$h$/8+$+$1$^$9!#(B

> ipfw `me' rules are filter rules
> that specify a source or destination address of `me', intended to
> match any IP address configured on a local interface.
> ipfw $B$N(B `me' $B$H$$$&%k!<%k$O(B,
> $B%Q%1%C%H$NAw?.85(B/$BAw?.@h%"%I%l%9$r%m!<%+%k%$%s%?!<%U%'%$%9$N(B
> IP $B%"%I%l%9$K0lCW$5$;$k$?$a$N%U%#%k%?%k!<%k$r;X$7$^$9(B.

ipfw $B$N(B `me' $B$H$$$&%k!<%k$O(B, $BAw?.85(B/$BAw?.@h%"%I%l%9$H$7$F!V<+%7%9%F%`!W(B
$B$r;XDj$9$k$b$N$G(B, $B%m!<%+%k$N%$%s%?!<%U%'%$%9$KBP$7$F@_Dj$5$l$F$$$kG$0U(B
$B$N(B IP $B%"%I%l%9$K%^%C%A$9$k$b$N$G$9(B.

$B$+$J!#(B
----
$B$3$,$h$&$$$A$m$&(B
