Date: Thu, 04 Mar 2004 10:33:09 -0500
From: "Shaun T. Erickson" <ste@ste-land.com>
To: freebsd-questions@freebsd.org
Subject: Re: My ipfilter rules.
Message-ID: <40474C35.9040806@ste-land.com>
In-Reply-To: <404662DE.6000204@ste-land.com>
References: <4046402D.6030101@ste-land.com> <404662DE.6000204@ste-land.com>

In order to be a good netizen, I applied the bogon list to my outbound traffic, too. I also moved the bad packet checks to the head of the incoming rules, as they make more sense there - no point in letting them use any more cpu than needed, if they are junk.

At least 35 people have looked at my rules (http://www.ste-land.com/rules.html). I've updated the page, so be sure to hit refresh/reload, if you go to look at it again. So far, two people have responded. I took the suggestions of one. Anyone else? I'm putting the server on the Internet tonight, and would like the firewall done by then.

Two questions:

1) Should I be performing the bad packet checks on the outbound path, too?

2) I looked at using groups to keep outbound packets from traversing rules for inbound packets, and vice versa, but I still don't understand them well enough to set them up. Suggestions?

-ste