From: Greg Hennessy
To: Peter Maxwell
Cc: "freebsd-pf@freebsd.org"
Date: Thu, 29 Jul 2010 20:08:27 +0100
Subject: RE: For better security: always "block all" or "block in all" is enough?
List-Id: "Technical discussion and general questions about packet filter (pf)"

> If, as you say, there are "Governance, Risk, and Compliance reasons",
> perhaps you'd like to specify one or two for each category?

Start with an ISMS derived from 27k, add a soupcon of PCI DSS requirement 10, Basel II, throw in SOX 404 or an SAS 70 type II audit, you get the picture.

> Logging a default deny on an internal firewall, yes - ok - I agree with you, that's probably reasonable.

Only probably? How much 'commercial' firewall work have you done again, seriously?

> However, logging every blocked packet on an internet facing firewall is plain daft.

Saying it doesn’t make it so.

> Even the storage requirements would be somewhat onerous,

Storage is cheap. Damage to reputation caused by being in breach of regulatory requirements w.r.t log retention is not.

> and that's before trying to process the data into something meaningful.
> And all to confirm that there's a lot of noise and port scanning going on.

Or it's part of a much larger picture which is fed into an SIEM system for event correlation and consequent alerting.

Firewalls are not the only security control points

Greg