Re: ipfilter 3.4.28?

Mordechai T. Abzug wrote:
> Is 3.4.x still being maintained? Is 3.4.28 in particular still safe
> in a non-NAT environment?
>
> Long story, for those who care:
>
> This customer is very conservative about software. The only security
> fix I see documented for 3.4.x after 3.4.28 is a crash bug involving
> NAT and fragmentation, and they're not doing NAT on these boxes. So
> my temptation is to tell them it's OK to upgrade to 3.4.28, which
> they've already validated, rather than the latest-and-greatest 4.1.29.
> But I still have residual concerns that 3.4.x might not be maintained,
> or that I am not understanding the "HISTORY" file that came with
> 3.4.35.
>

It depends on what you consider a "security" problem...
...for example, the non-fragmented logging problem (fixed in 3.4.34)
might worry some
...the fix for ipf_pullup() in 3.4.33 could be cause for concern about
reliability
...the ftp proxy fixes for .29 might be cause for concern if you use that

Darren