Date: Tue, 2 Nov 1999 14:13:42 -0700
Message-Id: <199911022113.OAA25375@mt.sri.com>
From: Nate Williams
To: Adam Laurie
Cc: Group Paranoia
Subject: Re: hole(s) in default rc.firewall rules
In-Reply-To: <381F4AAD.1D8E6001@algroup.co.uk>
References: <381F4AAD.1D8E6001@algroup.co.uk>
Reply-To: nate@mt.sri.com (Nate Williams)

> # block low port and NFS UDP but allow outgoing and replies for DNS, NTP
> # (and anything else that needs it).
> $fwcmd add pass udp from any to ${ip} 53,123
> $fwcmd add deny udp from any to ${ip} 0-1023,1110,2049

What's special about 1110 and 2049?

Nate