From: "Rodney W. Grimes"
Message-Id: <199912021807.KAA73912@gndrsh.dnsmgr.net>
Subject: Re: rc.firewall revisited
In-Reply-To: <3846B1CA.21FD4270@algroup.co.uk> from Adam Laurie at "Dec 2, 1999 05:52:10 pm"
To: adam@algroup.co.uk (Adam Laurie)
Date: Thu, 2 Dec 1999 10:07:28 -0800 (PST)
Cc: jhb@FreeBSD.ORG (John Baldwin), freebsd-security@FreeBSD.ORG

...
> >
> > # Allow all outgoing UDP
> > $fwcmd add pass udp from any to any

The comment for this does not match what the rule actually does, this
rule has nothing ``outgoing'' about it at all....

> OK, well this more or less matches my own current iteration, so I have
> no problem with that...

The above rule set reduces to nothing more than a deny to low ports and
NFS due to missing via/in/out clauses..

--
Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net
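
As an added example (not part of the original message or of rc.firewall), the following check flags ipfw pass rules that carry no `in`, `out`, `via`, `recv` or `xmit` qualifier, which is the mismatch between comment and rule pointed out in the reply. The sample rules are constructed, apart from the quoted UDP rule; the `${oif}` interface variable and the function name `lint_rules` are assumptions.

```shell
#!/bin/sh
# Added example: lint an rc.firewall-style rule list for "pass" rules that
# are not scoped by direction or interface. Without such a clause, ipfw
# applies the rule to packets in both directions on every interface.

# Constructed sample input. Line 2 is the rule quoted in the thread; line 4
# is the same rule scoped to an assumed outside interface variable ${oif}.
SAMPLE_RULES='# Allow all outgoing UDP
$fwcmd add pass udp from any to any
# Same intent, limited to packets leaving via the outside interface
$fwcmd add pass udp from any to any out via ${oif}
$fwcmd add 65000 deny ip from any to any'

# Reads rule lines on stdin and prints "LINE: rule" for every unscoped
# pass/allow/accept/permit rule.
lint_rules() {
    awk '
    {
        sub(/#.*/, "")                      # ignore comments
        a = 0
        for (i = 1; i <= NF; i++)           # find the "add" keyword
            if ($i == "add") { a = i; break }
        if (!a) next
        i = a + 1
        if ($i ~ /^[0-9]+$/) i++            # skip an optional rule number
        if ($i !~ /^(pass|allow|accept|permit)$/) next
        scoped = 0
        for (j = i + 1; j <= NF; j++)       # look for a direction/interface clause
            if ($j ~ /^(in|out|via|recv|xmit)$/) scoped = 1
        if (!scoped) print NR ": " $0
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | lint_rules
```
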