Date: Fri, 28 Feb 2003 15:42:00 +0100 (CET)
From: "Patrick M. Hausen" <hausen@punkt.de>
To: osa@freebsd.org.ru
Cc: Igor Pokrovsky <igor.pokrovsky@cnrm.meteo.fr>, stable@FreeBSD.ORG
Subject: Re: problems with getting through firewall using CVSup
Message-ID: <200302281442.h1SEg0RV042490@hugo10.ka.punkt.de>
In-Reply-To: <20030228143100.GC424@freebsd.org.ru>
Hi!

Sergey Osokin wrote:

> > Is there any way to make it work?
> > To fool firewall?
>
> Yes, looks like a bad/fool/stupid firewall administriva.

No. This looks exactly like the correct way to implement
a firewall. Everything which is not on the "explicitly permitted"
list is denied by default.

So users trying new and "interesting" protocols and services have to
check if what they are trying to do is in accordance with the
security policy first.

I know, there are lots of companies that permit any inside
initiated TCP connection. I'd call this stupid if not explicitly
decided upon and documented.

And last - maybe they are running a strict application level
gateway like Gauntlet or Sidewinder? If this is the case the
admin must define a custom TCP proxy for CVSup, first.

Regards,

Patrick M. Hausen
Technical Director
--
punkt.de GmbH        Internet - Dienstleistungen - Beratung
Scheffelstr. 17 a    Tel. 0721 9109 -0 Fax: -100
76135 Karlsruhe      http://punkt.de

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message