Date: Tue, 25 Jul 2000 15:31:23 -0700 (PDT) From: Mike Hoskins <mike@adept.org> To: Stephen Montgomery-Smith <stephen@math.missouri.edu> Cc: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>, freebsd-security@FreeBSD.ORG Subject: Re: Problems with natd and simple firewall Message-ID: <Pine.BSF.4.21.0007251529120.28446-100000@snafu.adept.org> In-Reply-To: <397E10CC.BF84B0E7@math.missouri.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 25 Jul 2000, Stephen Montgomery-Smith wrote: > Well, now that I understand a bit how dynamic rules work, I'm going to > agree with this vote against my own idea. Those dynamic rules are > really very very nice. How'd we ever live without 'em? ;) > But maybe a dynamic rule set should be put into the default rc.firewall - > perhaps not replace simple, but an additional - maybe call it dynamic. It may well be added... Stateful ipfw is a relatively new happening (ipfw didn't previously have check/keep-state, you had to use ipf for such features). > Also, it would be good to add some comments to rc.firewall to explain this. Aye... A thoroughly-commeneted 'dynamic' rc.firewall option may be the best thing to come out of all this. -mrh To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007251529120.28446-100000>