Date: Tue, 20 Jun 2000 11:46:17 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: Roland Jesse <jesse@mail.CS.Uni-Magdeburg.De> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: hosts.allow: deny set but ping requests come through Message-ID: <Pine.BSF.4.21.0006201144460.91097-100000@freefall.freebsd.org> In-Reply-To: <0v1z1tx45i.fsf@cs.uni-magdeburg.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 19 Jun 2000, Roland Jesse wrote:
> Good point and thanks for the pointer. Now it is way more restrictive
> than I wanted it to be but at least the ping requests from the
> specific machine in question don't get answered anymore.
Restrictive firewalls (e.g. those which deny everything and then allow
through specific exceptions) are usually better than open ones which only
deny a few things, because chances are you've forgotten something, or
you'll forget to update it when you install a new service. So this is a
good thing - just remember to check the ipfw logs when you have a
"weird" problem with network connectivity (assuming you wrote your 'deny'
rules as 'deny log').
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0006201144460.91097-100000>