Date:      Tue, 02 Nov 1999 18:33:41 -0700
From:      Warner Losh <imp@village.org>
To:        nate@mt.sri.com (Nate Williams)
Cc:        Adam Laurie <adam@algroup.co.uk>, Group Paranoia <security@FreeBSD.ORG>
Subject:   Re: hole(s) in default rc.firewall rules 
Message-ID:  <199911030133.SAA16612@harmony.village.org>
In-Reply-To: Your message of "Tue, 02 Nov 1999 14:13:42 MST." <199911022113.OAA25375@mt.sri.com> 
References:  <199911022113.OAA25375@mt.sri.com>  <Pine.BSF.4.10.9911012224120.54551-100000@green.myip.org> <381F4AAD.1D8E6001@algroup.co.uk> 

In message <199911022113.OAA25375@mt.sri.com> Nate Williams writes:
: >     # block low port and NFS UDP but allow outgoing and replies for DNS, NTP
: >     # (and anything else that needs it).
: >     $fwcmd add pass udp from any to ${ip} 53,123
: >     $fwcmd add deny udp from any to ${ip} 0-1023,1110,2049
: 
: What's special about 1110 and 2049?

2049 is NFS.  Don't know what 1110 is.

Warner

