From owner-freebsd-bugs Sun Jun 1 21:00:04 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id VAA24173 for bugs-outgoing; Sun, 1 Jun 1997 21:00:04 -0700 (PDT)
Received: (from gnats@localhost) by hub.freebsd.org (8.8.5/8.8.5) id VAA24167; Sun, 1 Jun 1997 21:00:02 -0700 (PDT)
Resent-Date: Sun, 1 Jun 1997 21:00:02 -0700 (PDT)
Resent-Message-Id: <199706020400.VAA24167@hub.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, Harlan Stenn
Received: from pcpsj.pfcs.com (/REMeReV8VMBuMCpSuwu5r1c5k65WNAe@harlan.fred.net [205.252.219.31]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id UAA24076 for ; Sun, 1 Jun 1997 20:56:28 -0700 (PDT)
Received: from mumps.pfcs.com (mumps.pfcs.com [192.52.69.11]) by pcpsj.pfcs.com (8.6.12/8.6.9) with SMTP id XAA00456 for ; Sun, 1 Jun 1997 23:56:15 -0400
Received: from brown.pfcs.com by mumps.pfcs.com with SMTP id AA02324 (5.67b/IDA-1.5 for ); Sun, 1 Jun 1997 23:56:14 -0400
Received: from harlan by brown.pfcs.com with local (Exim 1.62 #1) id 0wYOE9-0000kR-00; Sun, 1 Jun 1997 23:56:13 -0400
Message-Id:
Date: Sun, 1 Jun 1997 23:56:13 -0400
From: Harlan Stenn To: FreeBSD-gnats-submit@FreeBSD.ORG X-Send-Pr-Version: 3.2 Subject: conf/3750: Potential improvements to rc.firewall Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >Number: 3750 >Category: conf >Synopsis: Potential improvements to rc.firewall >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Jun 1 21:00:01 PDT 1997 >Last-Modified: >Originator: Harlan Stenn >Organization: PFCS Corporation >Release: FreeBSD 2.1.0-RELEASE i386 >Environment: -current (probably earlier releases, too) >Description: I think some of the rules are too loose. >How-To-Repeat: Examination. >Fix: (I also sent this to -hackers) --- rc.firewall- Sun Jun 1 21:23:06 1997 +++ rc.firewall Sun Jun 1 21:29:11 1997 @@ -87,11 +87,11 @@ /sbin/ipfw add deny tcp from any to any setup # Allow DNS queries out in the world - /sbin/ipfw add pass udp from any 53 to ${ip} + /sbin/ipfw add pass udp from any to ${ip} 53 /sbin/ipfw add pass udp from ${ip} to any 53 # Allow NTP queries out in the world - /sbin/ipfw add pass udp from any 123 to ${ip} + /sbin/ipfw add pass udp from any to ${ip} 123 /sbin/ipfw add pass udp from ${ip} to any 123 # Everything else is denied as default. @@ -144,11 +144,11 @@ /sbin/ipfw add pass tcp from any to any setup # Allow DNS queries out in the world - /sbin/ipfw add pass udp from any 53 to ${oip} + /sbin/ipfw add pass udp from any to ${oip} 53 /sbin/ipfw add pass udp from ${oip} to any 53 # Allow NTP queries out in the world - /sbin/ipfw add pass udp from any 123 to ${oip} + /sbin/ipfw add pass udp from any to ${oip} 123 /sbin/ipfw add pass udp from ${oip} to any 123 # Everything else is denied as default. >Audit-Trail: >Unformatted:
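Review bot: the replacement rules in both hunks (the ${ip} block at @@ -87 and the ${oip} block at @@ -144) change which direction of traffic the first rule of each pair admits, and that no longer matches the comment "Allow DNS queries out in the world". The old `/sbin/ipfw add pass udp from any 53 to ${ip}` admitted any UDP datagram with source port 53 to any port on ${ip}; that is loose, since the sender picks its own source port, so the tightening is justified. The new `/sbin/ipfw add pass udp from any to ${ip} 53` admits only datagrams addressed to port 53 on ${ip}. The outbound rule `/sbin/ipfw add pass udp from ${ip} to any 53` still lets a query leave from an ephemeral port, but the reply to that query now arrives at the ephemeral port and falls through to the default deny; only a resolver that itself sends from port 53 keeps working, and the rule additionally admits unsolicited inbound queries to port 53 if ${ip} runs a nameserver. The NTP pair at port 123 has the same property. Suggest either rewording the comment to state that the rule covers a local server that sources from its own service port, or scoping the reply rule to the specific upstream hosts queried (e.g. `from <resolver-ip> 53 to ${ip}`), applied identically in the ${oip} hunk.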