Date: Thu, 21 Sep 2000 00:32:40 -0700 From: "Crist J . Clark" <cjclark@reflexnet.net> To: Chip <chip@wiegand.org> Cc: "seafug@dub.net" <seafug@dub.net>, "freebsd-questions@freebsd.org" <freebsd-questions@FreeBSD.ORG> Subject: Re: natd does port forwarding? Message-ID: <20000921003240.B367@149.211.6.64.reflexcom.com> In-Reply-To: <39C99DB2.7EBD76BC@wiegand.org>; from chip@wiegand.org on Wed, Sep 20, 2000 at 10:33:38PM -0700 References: <39C6FCCC.D0103226@wiegand.org> <20000918225104.I367@149.211.6.64.reflexcom.com> <39C70308.EF52766F@wiegand.org> <20000919000233.L367@149.211.6.64.reflexcom.com> <39C84A4B.766B5B24@wiegand.org> <20000919232213.Q367@149.211.6.64.reflexcom.com> <20000920212502.W367@149.211.6.64.reflexcom.com> <39C99DB2.7EBD76BC@wiegand.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Sep 20, 2000 at 10:33:38PM -0700, Chip wrote: > [Attribution to me lost] > > Not only do you have the distributed "open" firewall running, but you > > must have built a kernel with the, > > > > options IPFIREWALL_DEFAULT_TO_ACCEPT > > > > Which is not recommended. Other than that, no suprises. > > So, is it okay to go back and recompile the kernel without this > option? What effect will that have on my currant set up? None. But when you actually want to build rules to protect your net, default deny is the way to go. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000921003240.B367>