From owner-freebsd-security Fri Jul 7 17: 5:39 2000 Delivered-To: freebsd-security@freebsd.org Received: from stud.alakhawayn.ma (stud.alakhawayn.ma [193.194.63.94]) by hub.freebsd.org (Postfix) with ESMTP id D84D437BD1E for ; Fri, 7 Jul 2000 17:05:18 -0700 (PDT) (envelope-from 961BE653994@stud.alakhawayn.ma) Received: from localhost (961BE653994@localhost) by stud.alakhawayn.ma (8.9.0/8.9.0) with SMTP id XAA08404; Fri, 7 Jul 2000 23:57:44 GMT Date: Fri, 7 Jul 2000 23:57:44 +0000 (GMT) From: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma> To: Harold Gutch Cc: openzero@bsdmail.com, freebsd-security@FreeBSD.ORG Subject: Re: Firewalls and the endless story! In-Reply-To: <20000707225520.B25629@foobar.franken.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hey Hey,=20 I like FreeBSD, I do not allow anybody to say anything bad about it ok=20 You Better Watch out=20 with FreeBSD okAY On Fri, 7 Jul 2000, Harold Gutch wrote: > On Thu, Jul 06, 2000 at 12:26:24PM +0100, openzero@bsdmail.com wrote: > > > On Wed, Jul 05, 2000 at 03:57:22PM -0500, Chris Dillon wrote: > > >=20 > > >=20 > > > Yes, and the original poster demonstrated even further stupidity > > > by adding a proprietary product (SecureBSD 1.0) into the mix and > > > then expect that we support it. > > >=20 > > > "Works for me." > > >=20 > >=20 > > Yeah! > > Thanks for the wonderful word "stupidity", but hey! > > I think, after using FreeBSD-2.2.8, FreeBSD-3.4, > > FreeBSD-4.0, that FreeBSD-2.2.8-STABLE is the best > > for MYSELF! What you do, is not by business! > > You are an architect! Are these the only words > > you can use? I know, that SecureBSD isn't supported > > by FreeBSD.org, coz it's not a product of > > FreeBSD.org and it's only a preview! > >=20 > > (German: Als Architekt h=E4tte ich schon mal gerne > > eine gehobenere Ausdrucksweise erwartet und > > keine Kindergartenbegr=FCndungen wie: das ist doof! > > Um unwiederst=E4ndlich klarzumachen: Ich stehe unter > > gro=DFem Zeitdruck und bisher konnte mir noch kein > > Mensch einen wirklich guten Tip geben! Das stellt mich > > unter Spannung, was solche Ausdrucksweisen nat=FCrlich noch mehr aggres= siv macht!) >=20 > Perhaps your spelling ("coz", "rulez" etc.) is the reason for > people being "ignorant" towards you. For me that - and the lack > of a realname in your mail's headers - were two reasons (among > others like lack of time and interest) to never even consider > replying to your mails. > Anyway (see below), somebody already gave you a correct answer in > the last thread you started. If the problem still persisted > after that, you could/should have stated so. >=20 > Show maturity in your mails and people will answer maturely. >=20 >=20 > >From your IPFW-configuration: >=20 > > $fwcmd add allow log tcp from any to any 21 setup > > $fwcmd add allow log tcp from any 20 to any setup # really needed ????? >=20 > The last rule above won't get you any closer to anonymous FTP on > your machine. What you'd need, is something like: >=20 > $fwcmd add allow log tcp from any to $MYIP 20 > $fwcmd add allow log tcp from $MYIP 20 to any >=20 > where the first one lets "passive" FTP-packets pass and the second > one "active" FTP-packets. > As Manfredi Blasucci already replied to your last mail, the > "setup" keyword was the problem. >=20 > In fact, I guess you might even be able to limit the remote > port-ranges to a few thousand ports somewhere in the range of > port 44000 (that should be mentioned in the ftpd manpage). >=20 >=20 > bye, > Harold >=20 > --=20 > Someone should do a study to find out how many human life spans have > been lost waiting for NT to reboot. > Ken Deboy on Dec 24 1999 in comp.unix.bsd.freebsd.misc >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message >=20 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message