Date:      Mon, 24 Mar 2014 00:16:26 +1100 (EST)
From:      Ian Smith <smithi@nimnet.asn.au>
To:        Julian Elischer <julian@freebsd.org>
Cc:        freebsd-security@freebsd.org, RW <rwmaillists@googlemail.com>, ipfw@freebsd.org
Subject:   Re: ipfw dynamic rules
Message-ID:  <20140324000439.F87212@sola.nimnet.asn.au>
In-Reply-To: <532E7398.5090607@freebsd.org>
References:  <51546.1395432085@server1.tristatelogic.com> <20140322182402.Q83569@sola.nimnet.asn.au> <201403221454.IAA22021@mail.lariat.net> <20140322151155.184d5229@gumby.homeunix.com> <532E723C.2090109@freebsd.org> <532E7398.5090607@freebsd.org>

On Sat, 22 Mar 2014 22:39:36 -0700, Julian Elischer wrote:
 >  reposting with a useful subject line and more comments
 > 
 > On 3/22/14, 10:33 PM, Julian Elischer wrote:
 > > 
 > > in ipfw that's up to you..
 > > but I usually put the check-state quite early in my rule sets.
 > > 
 > On 3/22/14, 1:34 AM, Ian Smith wrote:
 > > Firstly, that's the one page in the handbook (that I know of) that needs
 > > completely nuking.  It contains many factual errors as well as weird
 > > notions, and will only tend to mislead you; consult ipfw(8) and prosper.
 > > I'd say refer to the examples in rc.firewall but it too is in disrepair.

Firstly, I owe an apology to the doc crew, one of whom contacted me 
privately to point out that the ipfw page has had quite a massaging
lately, and work is ongoing.  I'm sorry for not checking again first.

 > I am working on a new rc.firewall that is much more efficient.
 > the trouble is that the script to make it do what I want is a bit more
 > complicated.
 > I'll put it out for discussion later. maybe tonight.

Great.  Maybe my failed rc.firewall patch from '11 can still be useful.

 > as for the handbook pages.. after we see how the new firewall rules work
 > we can see about rewriting the page.

Yes, well it seems there's a newer framework worth hanging it on now.

I guess we should drop freebsd-security@ until there's some news?

cheers, Ian


