URGENT? (was: Re: NTP security hole CVE-2013-5211?)
RW
rwmaillists at googlemail.com
Sat Mar 22 15:12:02 UTC 2014
On Sat, 22 Mar 2014 08:48:40 -0600
Brett Glass wrote:
> This is correct. And that's awkward, because you might not want all of
> these checks in one place. Also, if there are many dynamic rules this
> will slow traffic down quite a bit.
It should be the other way around. Once a flow has been learned it's
just a simple hash-table lookup once you hit the first stateful rule.
In pf most packets bypass the rules altogether.
More information about the freebsd-security
mailing list