Date: Wed, 17 Jul 2002 13:10:29 +0200 From: Bart Matthaei <bart@dreamflow.nl> To: "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl> Cc: security@freebsd.org Subject: Re: ipfw and it's glory... Message-ID: <20020717111029.GA40276@heresy.dreamflow.nl> In-Reply-To: <6C506EA550443D44A061432F1E92EA4C6C5359@citsnl045.europe.intranet> References: <6C506EA550443D44A061432F1E92EA4C6C5359@citsnl045.europe.intranet>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 17, 2002 at 12:44:51PM +0200, Carroll, D. (Danny) wrote: > I disagree with te 1024-65535 rules. > In my experience you can get it to work without allowing all of these. Some things tend to break when you leave it out. I can't give you any examples atm, since I don't recall them :) > Plus the way you have it setup, if you ever have X running then port > 6000 is open and I really hate that idea. Then add deny rules for port 6000 :) Cheers, Bart -- Bart Matthaei bart@dreamflow.nl If at first you don't succeed, redefine success. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020717111029.GA40276>