Date: Tue, 14 Apr 2015 14:21:59 -0700
From: Charles Swiger <cswiger@mac.com>
To: hiren panchasara <hiren@strugglingcoder.info>
Cc: freebsd-ipfw@freebsd.org, nitroboost@gmail.com
Subject: Re: ipfw on just inbound and not outbound
Message-ID: <D8BD0557-9D3A-4F89-A988-57B76F68D650@mac.com>
In-Reply-To: <20150414210901.GA10620@strugglingcoder.info>
References: <20150414210901.GA10620@strugglingcoder.info>

On Apr 14, 2015, at 2:09 PM, hiren panchasara <hiren@strugglingcoder.info> wrote:
> Apologies if this is something silly but I want to completely eliminate
> ipfw from outgoing traffic perspective. I just want to have it on
> incoming. I can always add "allow ip from any to any out" as the first
> rule but that is still ipfw doing something.
>
> Is there a way to tell ipfw to not look at outbound traffic at all?
>
> OR, the rule I mentioned is the best that can be done here?

Blocking outbound traffic can be more important to security than blocking
inbound traffic-- for one reason, see BCP 38 / RFC-2827. The rule you've
suggested is the best that can be done, aside from disabling IPFW entirely.

Regards,
--
-Chuck