Date: Wed, 4 Jan 2017 22:19:28 +0300 (MSK)
From: Maxim Konovalov <maxim.konovalov@gmail.com>
To: Warren Block <wblock@wonkity.com>
Cc: Warren Block <wblock@FreeBSD.org>, doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org, dru@freebsd.org
Subject: Re: svn commit: r49600 - head/en_US.ISO8859-1/books/handbook/firewalls
Message-ID: <alpine.BSF.2.20.1701042142320.83306@mp2.macomnet.net>
In-Reply-To: <alpine.BSF.2.20.1701031454590.52533@wonkity.com>
References: <201610281531.u9SFVL7u096914@repo.freebsd.org> <alpine.BSF.2.20.1701021904430.83306@mp2.macomnet.net> <alpine.BSF.2.20.1701022145290.98030@wonkity.com> <alpine.BSF.2.20.1701031927070.83306@mp2.macomnet.net> <alpine.BSF.2.20.1701031454590.52533@wonkity.com>

[...]
> > I'd remove the "setup" keyword from the command.  Let me know if I can
> > go ahead with this change.
>
> It's okay with me.  Er, "Approved".  It would be really nice if you could test
> and verify it, but not required.
>
Done.

Just a side note: the chapter still needs more work -- e.g. there is
the time service rule in the ipf (not sure if it is ever functional on
FreeBSD these days) sub-chapter.  There is a quite dubious 310 rule in
the ipfw example (dru@ cc'ed) that claims to "Deny public pings" but in
fact denies all ICMP, not just ICMP echo request/response or types 9/0.
It means it could break the path MTU discovery mechanism that relies on
ICMP type 3 code 4 messages.

I must admit I haven't read the chapter carefully.

Thanks,

Maxim

-- 
Maxim Konovalov
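
The effect described in the message above, as an added example that is not part of the original e-mail or of the Handbook: a Python model of one deny rule that matches every ICMP type versus one limited to echo request (type 8), run over constructed ICMP headers. The rule model, the sample packets and the MTU value 1400 are assumptions made for illustration; in ipfw itself the narrowing is expressed with the `icmptypes` option.

```python
import struct

DEST_UNREACH, FRAG_NEEDED, ECHO_REQUEST = 3, 4, 8

def icmp_header(itype, code, word_hi=0, word_lo=0):
    """Build a constructed 8-byte ICMPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHH", itype, code, 0, word_hi, word_lo)

def parse_icmp(msg):
    """Return (type, code, next_hop_mtu); mtu is None unless type 3 code 4."""
    if len(msg) < 8:
        raise ValueError("ICMP header needs 8 bytes")
    itype, code, _cksum, _hi, lo = struct.unpack("!BBHHH", msg[:8])
    # RFC 1191: "fragmentation needed" carries the next-hop MTU in bytes 6-7.
    mtu = lo if (itype, code) == (DEST_UNREACH, FRAG_NEEDED) else None
    return itype, code, mtu

def dropped(deny_types, msg):
    """Model of one deny rule: deny_types=None matches every ICMP type."""
    itype, _code, _mtu = parse_icmp(msg)
    return deny_types is None or itype in deny_types

ALL_ICMP = None             # the behaviour the message attributes to rule 310
ECHO_ONLY = {ECHO_REQUEST}  # assumed narrower rule: echo request only

SAMPLES = {  # constructed packets, not captured traffic
    "echo request": icmp_header(8, 0, word_hi=0x1234, word_lo=1),
    "frag needed": icmp_header(3, 4, word_lo=1400),
    "time exceeded": icmp_header(11, 0),
}

def compare():
    """Map sample name -> (dropped by all-ICMP rule, by echo-only rule, MTU)."""
    return {name: (dropped(ALL_ICMP, m), dropped(ECHO_ONLY, m), parse_icmp(m)[2])
            for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, (broad, narrow, mtu) in compare().items():
        print(f"{name:14} all-icmp drop={broad!s:5} "
              f"echo-only drop={narrow!s:5} mtu={mtu}")
```

Under the all-ICMP rule the "frag needed" sample is dropped along with the echo request, so the sender never receives the next-hop MTU it needs to lower its packet size.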