Date: Tue, 25 Jan 2000 00:39:40 -0500 From: Mike Tancsa <mike@sentex.net> To: The Mad Scientist <madscientist@thegrid.net>, freebsd-security@FreeBSD.ORG Subject: Re: more complete ipfw rules Message-ID: <4.2.2.20000125003658.00b01550@mail.sentex.net> In-Reply-To: <4.1.20000124201245.00962220@mail.thegrid.net> References: <3.0.5.32.20000124151825.01c3d100@staff.sentex.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
At 08:51 PM 1/24/2000 -0800, The Mad Scientist wrote:
>Don't forget about
>
>$fwcmd add 100 allow all from any to any via lo0
>$fwcmd add 200 deny log all from any to 127.0.0.0/8
Yup, that's already in there in the default rc.firewall.
>loose and strict source routing isn't illegal, but usually used for
>subversion.
>$fwcmd add 500 deny log ip from any to any in via ${out_if} ipoptions
>lsrr,ssrr
Thanks. That's a good one to consider as well.
---Mike
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000125003658.00b01550>