From owner-freebsd-questions Thu Sep 21 0:33: 8 2000 Delivered-To: freebsd-questions@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id E53B337B422 for ; Thu, 21 Sep 2000 00:33:05 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Thu, 21 Sep 2000 00:31:54 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id e8L7Wes27299; Thu, 21 Sep 2000 00:32:40 -0700 (PDT) (envelope-from cjc) Date: Thu, 21 Sep 2000 00:32:40 -0700 From: "Crist J . Clark" To: Chip Cc: "seafug@dub.net" , "freebsd-questions@freebsd.org" Subject: Re: natd does port forwarding? Message-ID: <20000921003240.B367@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <39C6FCCC.D0103226@wiegand.org> <20000918225104.I367@149.211.6.64.reflexcom.com> <39C70308.EF52766F@wiegand.org> <20000919000233.L367@149.211.6.64.reflexcom.com> <39C84A4B.766B5B24@wiegand.org> <20000919232213.Q367@149.211.6.64.reflexcom.com> <20000920212502.W367@149.211.6.64.reflexcom.com> <39C99DB2.7EBD76BC@wiegand.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <39C99DB2.7EBD76BC@wiegand.org>; from chip@wiegand.org on Wed, Sep 20, 2000 at 10:33:38PM -0700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, Sep 20, 2000 at 10:33:38PM -0700, Chip wrote: > [Attribution to me lost] > > Not only do you have the distributed "open" firewall running, but you > > must have built a kernel with the, > > > > options IPFIREWALL_DEFAULT_TO_ACCEPT > > > > Which is not recommended. Other than that, no suprises. > > So, is it okay to go back and recompile the kernel without this > option? What effect will that have on my currant set up? None. But when you actually want to build rules to protect your net, default deny is the way to go. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message