Date:      Sat, 17 Feb 2001 02:22:09 -0800 (PST)
From:      Gordon Tetlow <gordont@bluemtn.net>
To:        Nick Sayer <nsayer@quack.kfu.com>
Cc:        FreeBSD Stable <freebsd-stable@FreeBSD.ORG>
Subject:   Re: Can't Telnet but can SSH?
Message-ID:  <Pine.BSF.4.31.0102170220450.5249-100000@sdmail0.sd.bmarts.com>
In-Reply-To: <3A8E111C.9060100@quack.kfu.com>

On Fri, 16 Feb 2001, Nick Sayer wrote:

> Gordon Tetlow wrote:
> > allow tcp from any to ${oip} 53 setup
> > allow udp from any to ${oip} 53
> > allow udp from ${oip} 53 to any
> This is _exceedingly_ insecure. This allows anyone to bind any
> instrument of destruction they wish to their machine on port 53 and
> something more dangerous on your inside -- perhaps port 2049 (NFS)?

Actually, this is the default config. I'd ask that you make the
appropriate changes to the /etc/rc.firewall script to make it more secure
and send-pr it.

-gordon


