Message-ID: <3846EEA3.4149158F@algroup.co.uk>
Date: Thu, 02 Dec 1999 22:11:47 +0000
From: Adam Laurie
To: John Baldwin
Cc: "Rodney W. Grimes", freebsd-security@FreeBSD.org
Subject: Re: rc.firewall revisited
References: <199912021817.NAA54042@server.baldwin.cx>

John Baldwin wrote:
>
> On 02-Dec-99 Rodney W. Grimes wrote:
> > ...
> >> >
> >> > # Allow all outgoing UDP
> >> > $fwcmd add pass udp from any to any
> >
> > The comment for this does not match what the rule actually does,
> > this rule has not ``outgoing'' about it at all....
>
> Grrr.. perhaps this would be better:
>
> $fwcmd add pass udp from ${ip} to any

No... that would break all UDP replies. It was any to any to allow in
and out, since we've already blocked what we're worried about.

cheers,
Adam
--
Adam Laurie                   Tel: +44 (181) 742 0755
A.L. Digital Ltd.             Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers
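
Added example, not part of the original message or of rc.firewall: a minimal Python model of stateless first-match filtering, showing why a rule restricted to "from ${ip}" passes an outgoing UDP query but not the reply to it. The addresses, the helper names and the default-deny fallback are assumptions made for the illustration.

```python
import ipaddress
from collections import namedtuple

# Constructed addresses (documentation ranges), not taken from the thread.
HOST_IP = "192.0.2.10"      # stands in for ${ip}
RESOLVER = "198.51.100.53"  # a remote DNS server

Packet = namedtuple("Packet", "proto src dst")
Rule = namedtuple("Rule", "action proto src dst")


def addr_matches(spec, addr):
    """'any' matches everything; otherwise spec is an address or CIDR block."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def evaluate(rules, pkt, default="deny"):
    """Stateless first-match evaluation; unmatched packets get the default
    (default deny is an assumption of this model)."""
    for rule in rules:
        if (rule.proto in ("all", pkt.proto)
                and addr_matches(rule.src, pkt.src)
                and addr_matches(rule.dst, pkt.dst)):
            return rule.action
    return default


def udp_exchange(rules):
    """Verdicts for an outgoing DNS query and the reply coming back."""
    query = Packet("udp", HOST_IP, RESOLVER)
    reply = Packet("udp", RESOLVER, HOST_IP)  # source is the remote end
    return evaluate(rules, query), evaluate(rules, reply)


# The two rule variants discussed in the thread.
ANY_TO_ANY = [Rule("pass", "udp", "any", "any")]
FROM_HOST_ONLY = [Rule("pass", "udp", HOST_IP, "any")]

if __name__ == "__main__":
    print("from any to any   :", udp_exchange(ANY_TO_ANY))
    print("from ${ip} to any :", udp_exchange(FROM_HOST_ONLY))
```

The reply carries the remote server as its source address, so a filter that keeps no state can only admit it with a rule that matches that source.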