Date: Wed, 21 Mar 2001 22:30:55 +0100 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Paul Richards <paul@freebsd-services.co.uk> Cc: Bill Fumerola <billf@mu.org>, Paul Richards <paul@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet ip_fw.c Message-ID: <89303.985210255@critter> In-Reply-To: Your message of "Wed, 21 Mar 2001 21:27:28 GMT." <3AB91CC0.9F52628A@freebsd-services.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <3AB91CC0.9F52628A@freebsd-services.co.uk>, Paul Richards writes: >> >Configuring *any* server without a default deny rule is more foolhardy >> >because there's a window of opportunity for a hacker before the rules >> >are applied. >> >> Most of my machines have a default allow rule because the ipfw is >> only there as an anti-DoS/BOFH tool... > >Configuring any *firewall* without a default deny rule is foolhardy then >:-) That we can almost agree on :-) -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?89303.985210255>