From owner-freebsd-security  Tue Aug  1 14:11:19 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id CB0F437B71C; Tue,  1 Aug 2000 14:11:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id C90172E8195; Tue,  1 Aug 2000 14:11:17 -0700 (PDT)
	(envelope-from kris@hub.freebsd.org)
Date: Tue, 1 Aug 2000 14:11:17 -0700 (PDT)
From: Kris Kennaway <kris@hub.freebsd.org>
To: Greg Hormann <ghormann@alumni.indiana.edu>
Cc: security@freebsd.org
Subject: Re: your mail
In-Reply-To: <Pine.BSF.4.05.10008010024290.89472-100000@hormann.tzo.cc>
Message-ID: <Pine.BSF.4.21.0008011410270.18926-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 1 Aug 2000, Greg Hormann wrote:

> (2) Whats the best way to block this?  If I block external access to the
> Socks5 port in my firewall will socks5 still work?  Should I just use a
> permit/auth statement?

For maximum results use both an ACL in SOCKS to only permit from the hosts
you want, and firewall incoming connections to that port.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message