FreeBSD Patches DoS Vulnerability


    Should we manually update via the patch listed i the article?

  • Rebel Alliance Developer Netgate


    This is of minimal impact to pfSense because:

    1. This is for connections to a FreeBSD, not through a FreeBSD system – on pfSense, most traffic is through (LAN to WAN, for example) and not to the firewall directly.

    2. A stateful firewall mitigates the problem. Using pf is mentioned as a workaround in the SA, and if you're running pfSense, you're already doing that unless you manually disabled pf.

    So to summarize, unless you have 1. disabled pf, and 2. run open services to the world on the firewall with pf disabled, it likely does not impact you.

    To me, it's not enough to warrant another 2.1.x release on its own, but we will have the fix on 2.2.

  • kinda thought so since PF is not listed anywhere as being affected, but since the base is FreeBSD thought just to be safe, ask

Log in to reply