Date: Sat, 17 Feb 2001 02:22:09 -0800 (PST)
From: Gordon Tetlow
To: Nick Sayer
Cc: FreeBSD Stable
Subject: Re: Can't Telnet but can SSH?
In-Reply-To: <3A8E111C.9060100@quack.kfu.com>

On Fri, 16 Feb 2001, Nick Sayer wrote:

> Gordon Tetlow wrote:
> > allow tcp from any to ${oip} 53 setup
> > allow udp from any to ${oip} 53
> > allow udp from ${oip} 53 to any
>
> This is _exceedingly_ insecure. This allows anyone to bind any
> instrument of destruction they wish to their machine on port 53 and
> something more dangerous on your inside -- perhaps port 2049 (NFS)?

Actually, this is the default config. I'd ask that you make the
appropriate changes to the /etc/rc.firewall script to make it more secure
and send-pr it.

-gordon