Date: Sat, 20 Mar 2004 14:36:40 +0100 From: Idar Tollefsen <idart@performancedesign.no> To: freebsd-net@freebsd.org Subject: Firewall - why not just block everything not to/from me? Message-ID: <405C48E8.5060903@performancedesign.no>
Hello,

I'll admit that networking isn't my strongest side, but I hope to learn some more, and this has been bugging me a little, so I hope someone will bear over with me and explain this.

I have a firewall setup based on the "simple" setup in rc.firewall. I was wondering why the blocks for RFC1918 and other "illegal" nets on both sides of natd are as they are? Or rather, why not just block everything not destined for the address(es) on the external interface(s) before natd and everything not from the same address(es) after natd? What would I miss that should, or shouldn't, be let in/out if I do that?

Another question is why I need to block incoming traffic to addresses not associated with my machine at all? Why would, for example, my box ever receive a request destined for 192.168.0.1 when that's not my address?

Thank you for your time.

- IT
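An added illustration of the rule ordering the question is about, written for this page and not taken from FreeBSD's rc.firewall: in the "simple" ruleset, the denies with an RFC1918 *destination* on the outside interface sit before the natd divert, and the denies with an RFC1918 *source* sit after it. Before natd an outgoing packet still carries its private source address, and after natd an incoming reply already carries its private destination, so each set of denies has to be on the side of the divert where it cannot match legitimate translated traffic. The simulation below models that with a toy natd; the interface name xl0, the addresses 203.0.113.10 and 192.168.0.0/24, the pre-seeded NAT entry and the catch-all allow at the end are all constructed assumptions.

```python
"""Why rc.firewall's "simple" ruleset puts the RFC1918 "to" denies before the
natd divert and the RFC1918 "from" denies after it.  Added stand-alone
simulation for this page, not FreeBSD's code; interface names, addresses
and the tiny natd model are constructed assumptions."""
import ipaddress
from dataclasses import dataclass, replace

OIF = "xl0"                                        # assumed external interface
EXT_ADDR = ipaddress.ip_address("203.0.113.10")    # constructed public address
INET = ipaddress.ip_network("192.168.0.0/24")      # constructed inside net
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    iface: str
    direction: str      # "in" or "out", as ipfw sees it on that interface


def deny(src_nets=(), dst_nets=(), via=None, direction=None):
    """An ipfw 'deny' rule; an empty net list means 'any' for that side."""
    def rule(p):
        if via and p.iface != via:
            return None
        if direction and p.direction != direction:
            return None
        if src_nets and not any(p.src in n for n in src_nets):
            return None
        if dst_nets and not any(p.dst in n for n in dst_nets):
            return None
        return "deny"
    return rule


def divert_natd(via, table):
    """Toy natd: hands back the (possibly rewritten) packet, which ipfw then
    keeps matching against the rules that follow the divert."""
    def rule(p):
        if p.iface != via:
            return None
        if p.direction == "out" and p.src in INET:
            table[p.dst] = p.src                  # remember who talked to whom
            return replace(p, src=EXT_ADDR)       # masquerade as the firewall
        if p.direction == "in" and p.dst == EXT_ADDR and p.src in table:
            return replace(p, dst=table[p.src])   # hand the reply to the inside host
        return p                                  # untranslated, but carry on
    return rule


def allow_all(p):
    return "allow"   # stand-in for the per-service allows further down rc.firewall


def evaluate(rules, p):
    """First allow/deny wins; a divert rewrites the packet and continues."""
    for rule in rules:
        r = rule(p)
        if isinstance(r, Packet):
            p = r
        elif r is not None:
            return r, p
    return "deny", p     # stock kernel: the implicit last rule is deny


def rc_firewall_order(table):
    return [
        deny(src_nets=[INET], via=OIF, direction="in"),   # stop spoofing of our own net
        deny(dst_nets=RFC1918, via=OIF),                  # RFC1918 destinations, BEFORE natd
        divert_natd(OIF, table),
        deny(src_nets=RFC1918, via=OIF),                  # RFC1918 sources, AFTER natd
        allow_all,
    ]


def swapped_order(table):
    """The same rules with the two RFC1918 blocks on the wrong side of natd."""
    return [
        deny(src_nets=[INET], via=OIF, direction="in"),
        deny(src_nets=RFC1918, via=OIF),
        divert_natd(OIF, table),
        deny(dst_nets=RFC1918, via=OIF),
        allow_all,
    ]


def run(ruleset_builder):
    """Verdict for each constructed packet, in order."""
    ip = ipaddress.ip_address
    table = {ip("198.51.100.7"): ip("192.168.0.5")}   # as if a session was already translated
    rules = ruleset_builder(table)
    packets = [
        Packet(ip("192.168.0.5"), ip("198.51.100.7"), OIF, "out"),  # inside host going out
        Packet(ip("198.51.100.7"), EXT_ADDR, OIF, "in"),            # the reply coming back
        Packet(ip("10.1.2.3"), EXT_ADDR, OIF, "in"),                # spoofed private source
        Packet(ip("198.51.100.7"), ip("192.168.0.1"), OIF, "in"),   # "a request for 192.168.0.1"
        Packet(ip("192.168.0.9"), EXT_ADDR, OIF, "in"),             # our own net arriving from outside
    ]
    return [evaluate(rules, p)[0] for p in packets]


if __name__ == "__main__":
    print("rc.firewall order:", run(rc_firewall_order))
    print("swapped order:    ", run(swapped_order))
```

With the rc.firewall ordering the two legitimate packets (the inside host's outbound packet and its reply) are allowed and the three bogus ones are dropped; with the RFC1918 blocks swapped across the divert, the outbound packet is denied while it still carries its private source and the reply is denied once natd has restored its private destination, so nothing gets through at all. The packet addressed to 192.168.0.1 is dropped by the pre-natd rule regardless of whether that address is configured on the box, which is the effect those rules exist for.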