Date: Sun, 25 Feb 2001 21:43:12 +0100
From: sthaug@nethelp.no
To: scanner@jurai.net
Cc: marcr@closed-networks.com, freebsd-security@FreeBSD.ORG
Subject: Re: /etc/rc.firewall fixes
Message-ID: <67798.983133792@verdi.nethelp.no>
In-Reply-To: Your message of "Sun, 25 Feb 2001 15:33:28 -0500 (EST)"
References: <Pine.BSF.4.21.0102251529170.66378-100000@sasami.jurai.net>

> And UDP is stateless. I would be interested to know how you filter
> state with UDP. ;)

You punch a hole in the firewall for the port(s) in question and for a
limited amount of time (say 30 seconds). Useful to allow for instance DNS
queries from clients on the inside.

Yes, of course you are somewhat vulnerable while you have this hole in the
firewall. However, it's probably better than having everything wide open,
while also being more *useful* than having all UDP closed.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
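
The time-limited hole described in the reply above, sketched as an added example that is not part of the original message or of any firewall's own code. The class and function names, the documentation-range addresses and the scenario are assumptions constructed for illustration; only the 30-second figure comes from the message.

```python
# Added illustration: a toy dynamic-rule table giving UDP pseudo-state.
# Names, addresses and the scenario are assumptions made for this example.
from dataclasses import dataclass, field

UDP_HOLE_LIFETIME = 30.0  # seconds; the "say 30 seconds" figure from the message


@dataclass
class UdpStateTable:
    lifetime: float = UDP_HOLE_LIFETIME
    # (inside_ip, inside_port, outside_ip, outside_port) -> expiry time
    holes: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """An inside client sends a datagram: open (or refresh) a hole for the reply."""
        self.holes[(src_ip, src_port, dst_ip, dst_port)] = now + self.lifetime
        return "pass"

    def inbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """An outside datagram passes only if it mirrors a live outbound flow."""
        key = (dst_ip, dst_port, src_ip, src_port)
        expiry = self.holes.get(key)
        if expiry is None:
            return "drop"  # nobody inside asked for this
        if now > expiry:
            del self.holes[key]  # hole has timed out; close it
            return "drop"
        return "pass"


def demo():
    """Constructed scenario: one DNS query from an inside client at t=0."""
    fw = UdpStateTable()
    client, resolver, other = "192.0.2.10", "198.51.100.53", "203.0.113.7"
    fw.outbound(client, 40000, resolver, 53, now=0.0)
    return {
        "reply_in_time": fw.inbound(resolver, 53, client, 40000, now=0.2),
        "other_host": fw.inbound(other, 53, client, 40000, now=0.3),
        "other_port": fw.inbound(resolver, 53, client, 40001, now=0.4),
        "unsolicited": fw.inbound(resolver, 53, "192.0.2.11", 40000, now=1.0),
        "late_reply": fw.inbound(resolver, 53, client, 40000, now=31.0),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:14} {verdict}")
```

The table matches on packet header fields only, so anything that mirrors a live flow's addresses and ports is accepted until the entry expires; that is the residual exposure the message concedes.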