Date: Thu, 02 Dec 1999 22:10:16 +0000
From: Adam Laurie <adam@algroup.co.uk>
To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc: John Baldwin <jhb@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG
Subject: Re: rc.firewall revisited
Message-ID: <3846EE48.558E53A5@algroup.co.uk>
References: <199912021807.KAA73912@gndrsh.dnsmgr.net>

"Rodney W. Grimes" wrote:
> > ...
> > >
> > > # Allow all outgoing UDP
> > > $fwcmd add pass udp from any to any
>
> The comment for this does not match what the rule actually does,
> this rule has not ``outgoing'' about it at all....
>
> > OK, well this more or less matches my own current iteration, so I have
> > no problem with that...
>
> The above rule set reduces to nothing more than a deny to low ports
> and NFS due to missing via/in/out clauses..

Errr... That's all it's meant to be... Bear in mind that the stock
rc.firewall has several sections (simple, client, etc.)- this example is
appropriate only for one of the sections and is being used as an example
just to agree the basis. Once that's done, a proper rule will need to be
constructed for each section.

cheers,
Adam
--
Adam Laurie                   Tel: +44 (181) 742 0755
A.L. Digital Ltd.             Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message