Date: Mon, 15 May 2000 13:29:19 -0700 (PDT) From: Archie Cobbs <archie@whistle.com> To: krentel@dreamscape.com (Mark W. Krentel) Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: rc.firewall rule 200 Message-ID: <200005152029.NAA35843@bubba.whistle.com> In-Reply-To: <200005150252.WAA07148@dreamscape.com> from "Mark W. Krentel" at "May 14, 2000 10:52:36 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Mark W. Krentel writes: > The rc.firewall script adds these rules: > > ${fwcmd} add 100 pass all from any to any via lo0 > ${fwcmd} add 200 deny all from any to 127.0.0.0/8 The point of these two rules is to disallow someone on another (locally networked) machine from doing this: ifconfig lo0 down delete route add 127.0.0.0 <your-machine-ip-address> telnet 127.0.0.1 and circumventing your firewall. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005152029.NAA35843>