Date: Thu, 02 Dec 1999 13:17:59 -0500 (EST)
From: John Baldwin <jhb@FreeBSD.org>
To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Cc: freebsd-security@FreeBSD.org, (Adam Laurie) <adam@algroup.co.uk>
Subject: Re: rc.firewall revisited
Message-ID: <199912021817.NAA54042@server.baldwin.cx>
In-Reply-To: <199912021807.KAA73912@gndrsh.dnsmgr.net>

On 02-Dec-99 Rodney W. Grimes wrote:
> ...
>> >
>> > # Allow all outgoing UDP
>> > $fwcmd add pass udp from any to any
>
> The comment for this does not match what the rule actually does,
> this rule has not ``outgoing'' about it at all....

Grrr.. perhaps this would be better:

$fwcmd add pass udp from ${ip} to any

>> OK, well this more or less matches my own current iteration, so I have
>> no problem with that...
>
> The above rule set reduces to nothing more than a deny to low ports
> and NFS due to missing via/in/out clauses..

Do you prefer your earlier proposal that used a $dnsserver variable then?

> --
> Rod Grimes - KD7CAX @ CN85sl - (RWG25)
> rgrimes@gndrsh.dnsmgr.net
--
John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.cslab.vt.edu/~jobaldwi/pgpkey.asc
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/
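
Added illustration, not part of the original message or of rc.firewall: a toy matcher in sh showing which packets each rule form selects when the via/in/out clauses discussed above are absent or present. It is not ipfw; the address, the interface name, the sample packets and the third rule form ("out via ${oif}") are assumptions made for the example.

```shell
#!/bin/sh
# Toy model (constructed for illustration) of how a pass rule selects
# packets. Only source address, direction and interface are modelled.

ip="192.0.2.10"   # assumed: this host's address (documentation range)
oif="ed0"         # assumed: name of the outside interface

# rule_matches SRC_SPEC DIR_SPEC VIA_SPEC  PKT_SRC PKT_DIR PKT_IF
# A spec of "any" means the rule has no such clause, so it does not
# constrain that property of the packet.
rule_matches() {
    [ "$1" = any ] || [ "$1" = "$4" ] || return 1
    [ "$2" = any ] || [ "$2" = "$5" ] || return 1
    [ "$3" = any ] || [ "$3" = "$6" ] || return 1
    return 0
}

# verdicts SRC_SPEC DIR_SPEC VIA_SPEC
# Prints one word per sample packet: "pass" if the rule matches it,
# "next" if the packet falls through to later rules.
verdicts() {
    res=""
    # Constructed sample packets, as "source direction interface":
    #   1. a query this host sends out
    #   2. a packet arriving from an outside host
    #   3. a packet arriving from outside that claims ${ip} as its source
    for pkt in "$ip out $oif" "198.51.100.7 in $oif" "$ip in $oif"; do
        # $pkt is left unquoted on purpose so it splits into three fields.
        set -- "$1" "$2" "$3" $pkt
        if rule_matches "$@"; then res="$res pass"; else res="$res next"; fi
    done
    echo "${res# }"
}

echo "pass udp from any to any                  : $(verdicts any any any)"
echo "pass udp from \${ip} to any                : $(verdicts "$ip" any any)"
echo "pass udp from \${ip} to any out via \${oif} : $(verdicts "$ip" out "$oif")"
```

The second form stops matching ordinary inbound traffic but still matches an inbound packet carrying ${ip} as its source address; only the form with a direction and interface clause is limited to traffic leaving the host.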
