Date: Wed, 22 Mar 2006 10:26:34 -0500
From: Chuck Swiger <cswiger@mac.com>
To: fbsd_user@a1poweruser.com
Cc: freebsd-questions@freebsd.org
Subject: Re: Google Talk and NAT issue ?
Message-ID: <44216CAA.3060609@mac.com>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGGENPHCAA.fbsd_user@a1poweruser.com>
References: <MIEPLLIBMLEEABPDBIEGGENPHCAA.fbsd_user@a1poweruser.com>

fbsd_user wrote:
> Just what do you mean by punching a hole in the
> firewall without the firewall's knowledge?
>
> The firewall is designed to stop just such a thing.

If the firewall opens a path for the external server inbound as a result of supporting active-mode FTP or the data channel for IRC, which most firewalls do by default if they permit FTP through in the first place, that can be used to send arbitrary data back to the client.

Having the firewall block FTP, HTTP, and IRC/6667 traffic from inside machines, except for a trusted and monitored proxy server like Squid, will significantly improve the security of the network...

-- 
-Chuck
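
For active-mode FTP, the inbound path described above is derived from the client's own `PORT` command (RFC 959) on the control channel. The following is an added example, not part of the original message: a Python sketch of that decision, comparing a permissive helper with one that checks the requested address and port. The function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 active mode: the client sends "PORT h1,h2,h3,h4,p1,p2" on the control channel.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")

def parse_port(line):
    """Return (ip, port) from an FTP PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def pinhole_decision(client_ip, line, strict=True):
    """Decide what inbound hole a helper would open for this control-channel line.
    Returns ("open", ip, port), ("deny", reason) or ("ignore", reason)."""
    parsed = parse_port(line)
    if parsed is None:
        return ("ignore", "not a well-formed PORT command")
    ip, port = parsed
    if strict:
        # The hole must lead back to the host that asked for it...
        if ip != ipaddress.IPv4Address(client_ip):
            return ("deny", "PORT address differs from the client that sent it")
        # ...and must not expose a service port.
        if port < 1024:
            return ("deny", "PORT targets a privileged port")
    return ("open", str(ip), port)

# Constructed sample control-channel lines, as seen from inside host 192.168.1.10.
SAMPLES = [
    "PORT 192,168,1,10,195,80\r\n",  # own address, port 195*256+80
    "PORT 192,168,1,20,0,22\r\n",    # different inside host, low port
    "LIST\r\n",                      # not a PORT command
]

def run_samples(strict):
    return [pinhole_decision("192.168.1.10", s, strict) for s in SAMPLES]

if __name__ == "__main__":
    for strict in (False, True):
        print("strict" if strict else "permissive", run_samples(strict))
```

Forcing this traffic through a proxy, as the message recommends, removes the decision from the packet filter altogether, because inside hosts no longer hold a direct control channel to the outside server.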