Date:      Tue, 2 Nov 1999 14:13:42 -0700
From:      Nate Williams <nate@mt.sri.com>
To:        Adam Laurie <adam@algroup.co.uk>
Cc:        Group Paranoia <security@FreeBSD.ORG>
Subject:   Re: hole(s) in default rc.firewall rules
Message-ID:  <199911022113.OAA25375@mt.sri.com>
In-Reply-To: <381F4AAD.1D8E6001@algroup.co.uk>
References:  <Pine.BSF.4.10.9911012224120.54551-100000@green.myip.org> <381F4AAD.1D8E6001@algroup.co.uk>

>     # block low port and NFS UDP but allow outgoing and replies for DNS, NTP
>     # (and anything else that needs it).
>     $fwcmd add pass udp from any to ${ip} 53,123
>     $fwcmd add deny udp from any to ${ip} 0-1023,1110,2049

What's special about 1110 and 2049?


Nate

