Date:      Sat, 11 Nov 2006 17:08:32 +0100
From:      "Julian H. Stacey" <jhs@flat.berklix.net>
To:        freebsd-security@freebsd.org
Subject:   src/etc/rc.firewall simple ${fw_pass} tcp from any to any established 
Message-ID:  <200611111608.kABG8WRn069267@fire.jhs.private>
In-Reply-To: <4555E508.1090705@FreeBSD.org> 
References:  <200611111442.kABEg4xT068699@fire.jhs.private> <4555E508.1090705@FreeBSD.org>

Hi security@ list,
In my self written, large ipfw rule set, I had something that passed
http to allow me to browse most but not all remote sites. For years
I assumed the few sites I had difficulty with were cases pppoed MTU
!= 1500, from not having installed tcpmssd on my 4.*-RELEASE, but
then running 6.1-RELEASE I realised that wasn't the problem.
	http://www.web.de		Still failed, &
	http://www.sueddeutsche.de	Was slow.
I tried adding 
	${fwcmd} add pass tcp from any to any established
from the src/etc/rc.firewall "simple" case, which solved it.
But I was scared, not understanding what the established bit did, &
how easily an attacker might fake something, etc.
I found adding these tighter rules instead worked for me
	${fwcmd} tcp from any http to me established in via tun0
	${fwcmd} tcp from me to any http established out via tun0
Should I still be worrying about established?

Julian
-- 
Julian Stacey.  BSD Unix C Net Consultancy, Munich/Muenchen  http://berklix.com
Mail Ascii, not HTML.		Ihr Rauch = mein allergischer Kopfschmerz.
			http://berklix.org/free-software
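As an added illustration (not part of the original message or of rc.firewall), the model below reproduces what ipfw(8) documents for the established keyword, namely that it matches any TCP segment with the ACK or RST bit set and keeps no connection state, and runs the broad rc.firewall rule and the tightened pair from the message over three constructed packets. The ME address, the sample hosts and the port numbers are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Optional

ME = "192.0.2.10"  # constructed: this host's own tun0 address ("me")

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flag names present, e.g. {"SYN"} or {"ACK"}
    direction: str  # "in" or "out"
    iface: str  # interface name, e.g. "tun0"

@dataclass(frozen=True)
class Rule:  # subset of ipfw rule options; None means "any"
    src_me: bool = False  # 'from me'
    sport: Optional[int] = None
    dst_me: bool = False  # 'to me'
    dport: Optional[int] = None
    established: bool = False  # ipfw(8): RST or ACK bit set; no state kept
    direction: Optional[str] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return not (
            (self.src_me and p.src != ME)
            or (self.dst_me and p.dst != ME)
            or (self.sport is not None and p.sport != self.sport)
            or (self.dport is not None and p.dport != self.dport)
            or (self.established and not (p.flags & {"ACK", "RST"}))
            or (self.direction is not None and p.direction != self.direction)
            or (self.iface is not None and p.iface != self.iface)
        )

def passes(rules, p: Packet) -> bool:
    return any(r.matches(p) for r in rules)  # does any pass rule fire?

# rc.firewall "simple": ${fwcmd} add pass tcp from any to any established
BROAD = [Rule(established=True)]
# The tightened pair from the message: port-80 replies in, our port-80 traffic out
TIGHT = [Rule(sport=80, dst_me=True, established=True, direction="in", iface="tun0"),
         Rule(src_me=True, dport=80, established=True, direction="out", iface="tun0")]

# Constructed samples: a real HTTP reply, a stray ACK aimed at port 22, a SYN to 22
HTTP_REPLY = Packet("198.51.100.7", 80, ME, 51000, frozenset({"ACK"}), "in", "tun0")
STRAY_ACK = Packet("203.0.113.9", 40000, ME, 22, frozenset({"ACK"}), "in", "tun0")
SYN_TO_22 = Packet("203.0.113.9", 40000, ME, 22, frozenset({"SYN"}), "in", "tun0")
```

The broad rule admits STRAY_ACK because established only inspects flag bits, while the tightened pair rejects it on port and direction; for a real stateful check ipfw offers keep-state and check-state rules instead of established alone.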


