Date: Sat, 13 Apr 1996 21:45:22 +0200 (MET DST)
From: Andreas Klemm
To: Poul-Henning Kamp
cc: Bill Fenner, current@freebsd.org
Subject: Re: rc.firewall has some syntax errors and sample config hangs machine
In-Reply-To: <18312.829409918@critter.tfs.com>

On Sat, 13 Apr 1996, Poul-Henning Kamp wrote:

> > It would be fine, if the firewall configurations in /etc/rc.firewall
> > could be enhanced. For example one could add more examples, so
> > that people could pick up better, what they really need ...
>
> Well, you see, I kind of expected somebody like you to say something
> along those lines. Now, Andreas, you don't have anything really
> important scheduled the next couple of weeks ? No ? Fine!.
> You see I'm flat out of time right now...

ok, as usual ;-)) So you seem to have more important things on
your wishlist ;-))

> I'm looking forward to your patches :-)

Sorry, I can't promise much at the moment. It was a bit clumsy of me
to expect that you can simply present a well tested clever solution ...
This firewall stuff is really not trivial. The biggest problem is
to have the hardware and time to _test_ it.

> Maybe rc.firewall needs to be rethought a bit, maybe one file
> per example or something, I'm not too happy with the "if false"
> thing...

Don't say that ... I like the file really much. Because it's well
documented and shows how one could configure a firewall.

My only wish was a clever entry for the many people like me that
are connected to the internet via dialup modem && want to have a
safe machine.

When I was fiddling around with this I saw that it's really
difficult to forbid things without breaking the services you need
yourself (ftp, telnet, http proxy, uucp over tcp ;-))

Thanks again for making this example and I'll see if I can make a
good working and well documented example for PPP...

Nice weekend

Andreas ///

--
andreas@knobel.gun.de         /\/\___      Wiechers & Partner Datentechnik GmbH
   Andreas Klemm          ___/\/\/         $$ Support Unix - aklemm@wup.de $$
pgp p-key  http://www-swiss.ai.mit.edu/~bal/pks-toplev.html  >>> powered by <<<
ftp://sunsite.unc.edu/pub/Linux/system/Printing/aps-491.tgz  >>>   FreeBSD  <<<