Date: Thu, 02 Dec 1999 22:11:47 +0000
From: Adam Laurie <adam@algroup.co.uk>
To: John Baldwin <jhb@FreeBSD.org>
Cc: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>, freebsd-security@FreeBSD.org
Subject: Re: rc.firewall revisited
Message-ID: <3846EEA3.4149158F@algroup.co.uk>
References: <199912021817.NAA54042@server.baldwin.cx>

John Baldwin wrote:
>
> On 02-Dec-99 Rodney W. Grimes wrote:
> > ...
> >> >
> >> > # Allow all outgoing UDP
> >> > $fwcmd add pass udp from any to any
> >
> > The comment for this does not match what the rule actually does,
> > this rule has not ``outgoing'' about it at all....
>
> Grrr.. perhaps this would be better:
>
> $fwcmd add pass udp from ${ip} to any

No... that would break all UDP replies. It was any to any to allow in
and out, since we've already blocked what we're worried about.

cheers,
Adam
--
Adam Laurie Tel: +44 (181) 742 0755
A.L. Digital Ltd. Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage http://www.aldigital.co.uk
London W4 4GB mailto:adam@algroup.co.uk
UNITED KINGDOM PGP key on keyservers
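
Added example (not part of the original message and not rc.firewall code): a small Python model of stateless first-match filtering, showing why `from ${ip} to any` passes an outgoing UDP query but drops its reply, while `from any to any` passes both once the earlier deny rules have run. The addresses, ports and the NFS deny rule are constructed for illustration, and the model assumes the rule set ends in a default deny.

```python
"""Stateless first-match packet filter model (added example, not rc.firewall code)."""
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

HOST_IP = "192.0.2.10"      # constructed stand-in for ${ip}
RESOLVER = "198.51.100.53"  # constructed remote DNS server

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class Rule(NamedTuple):
    action: str                  # "pass" or "deny"
    proto: str
    src: str                     # "any" or an address/CIDR
    dst: str
    dport: Optional[int] = None  # None matches every destination port

def _addr_match(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)

def evaluate(rules, pkt: Packet) -> str:
    """Return the action of the first matching rule; no connection state is kept."""
    for r in rules:
        if (r.proto == pkt.proto and _addr_match(r.src, pkt.src)
                and _addr_match(r.dst, pkt.dst)
                and (r.dport is None or r.dport == pkt.dport)):
            return r.action
    return "deny"  # assumption: the rule set ends in a default deny

# Constructed earlier block, standing in for "what we're worried about".
BLOCKED = [Rule("deny", "udp", "any", HOST_IP, 2049)]
PROPOSED = BLOCKED + [Rule("pass", "udp", HOST_IP, "any")]  # from ${ip} to any
ORIGINAL = BLOCKED + [Rule("pass", "udp", "any", "any")]    # from any to any

QUERY = Packet("udp", HOST_IP, 40000, RESOLVER, 53)         # outgoing DNS query
REPLY = Packet("udp", RESOLVER, 53, HOST_IP, 40000)         # its reply
NFS_PROBE = Packet("udp", "203.0.113.7", 1023, HOST_IP, 2049)

def verdicts(rules) -> dict:
    """Evaluate the three constructed packets against one rule set."""
    return {name: evaluate(rules, p) for name, p in
            (("query", QUERY), ("reply", REPLY), ("nfs_probe", NFS_PROBE))}

if __name__ == "__main__":
    print("from ${ip} to any:", verdicts(PROPOSED))
    print("from any to any:  ", verdicts(ORIGINAL))
```
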
