Date: Sat, 23 Mar 2002 05:29:59 +0200
From: Giorgos Keramidas
To: Cliff Sarginson
Cc: questions@freebsd.org
Subject: Re: ipfw rules (was: Re: Advocacy help for CS professor)
Message-ID: <20020323032958.GA59842@hades.hell.gr>

On 2002-03-23 01:33, Cliff Sarginson wrote:
> On Sat, Mar 23, 2002 at 02:16:42AM +0200, Giorgos Keramidas wrote:
> > The countless examples of ipfw/ipfilter setups posted on the FreeBSD lists
> > might also help you :-)
>
> I know, but every firewall I have ever made has not worked.
> I think I have a blind spot.
...
> My firewalls either let villains in, or keep me out.

This is because firewalls are not the panacea of security.
Security is not a program, or a firewall, or a ruleset. Security is a
process. A way of thinking, and working on computers.

You can have a firewall that blocks everything, except for SSH, and
then be hacked by the first script kiddie when an update to OpenSSH
comes out and you fail to update your ssh server machines.

You can have a firewall that blocks everything except for RSA logins
through ssh, and then leave a copy of your private keyring in the
floppy drive of a netcafe.

Firewalls are *not* enough...

Giorgos Keramidas    FreeBSD Documentation Project
keramida@{freebsd.org,ceid.upatras.gr}    http://www.FreeBSD.org/docproj/