Date: Sun, 1 Jun 1997 23:56:13 -0400
From: Harlan Stenn <Harlan.Stenn@pfcs.com>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: conf/3750: Potential improvements to rc.firewall
Message-ID: <E0wYOE9-0000kR-00@brown.pfcs.com>
Resent-Message-ID: <199706020400.VAA24167@hub.freebsd.org>
>Number: 3750 >Category: conf >Synopsis: Potential improvements to rc.firewall >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Jun 1 21:00:01 PDT 1997 >Last-Modified: >Originator: Harlan Stenn >Organization: PFCS Corporation >Release: FreeBSD 2.1.0-RELEASE i386 >Environment: -current (probably earlier releases, too) >Description: I think some of the rules are too loose. >How-To-Repeat: Examination. >Fix: (I also sent this to -hackers) --- rc.firewall- Sun Jun 1 21:23:06 1997 +++ rc.firewall Sun Jun 1 21:29:11 1997 @@ -87,11 +87,11 @@ /sbin/ipfw add deny tcp from any to any setup # Allow DNS queries out in the world - /sbin/ipfw add pass udp from any 53 to ${ip} + /sbin/ipfw add pass udp from any to ${ip} 53 /sbin/ipfw add pass udp from ${ip} to any 53 # Allow NTP queries out in the world - /sbin/ipfw add pass udp from any 123 to ${ip} + /sbin/ipfw add pass udp from any to ${ip} 123 /sbin/ipfw add pass udp from ${ip} to any 123 # Everything else is denied as default. @@ -144,11 +144,11 @@ /sbin/ipfw add pass tcp from any to any setup # Allow DNS queries out in the world - /sbin/ipfw add pass udp from any 53 to ${oip} + /sbin/ipfw add pass udp from any to ${oip} 53 /sbin/ipfw add pass udp from ${oip} to any 53 # Allow NTP queries out in the world - /sbin/ipfw add pass udp from any 123 to ${oip} + /sbin/ipfw add pass udp from any to ${oip} 123 /sbin/ipfw add pass udp from ${oip} to any 123 # Everything else is denied as default. >Audit-Trail: >Unformatted:
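Review bot: In the first hunk (the ${ip} rules), moving the port from the source side to the destination side changes which traffic the rule matches rather than only tightening it. "pass udp from any to ${ip} 53" admits packets from any host to local port 53, while a reply to a query permitted by "pass udp from ${ip} to any 53" comes back from remote port 53 to whatever local port the query left from. A query sent from any local port other than 53 therefore has no matching pass rule for its reply and, unless a rule outside this hunk passes it, reaches the "Everything else is denied as default" section. If the concern is that "from any 53 to ${ip}" lets any host reach every local UDP port by choosing source port 53, consider keeping the reply rule but restricting its source address to the resolvers this host actually uses, and add the to-port-53 rule only where the host serves DNS.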
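Review bot: In the second hunk (the ${oip} rules), the comments "# Allow DNS queries out in the world" and "# Allow NTP queries out in the world" stay as they were, but the rewritten lines "pass udp from any to ${oip} 53" and "pass udp from any to ${oip} 123" now describe inbound traffic from any source to local ports 53 and 123. Either update the comments to say that the host accepts DNS and NTP packets on those ports from anywhere, or keep a separate rule for replies and document both. The reply path needs the same check here: a packet from a remote server's port 53 or 123 matches the new rule only when the local client also sent from that port.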