Date: Wed, 18 Sep 1996 17:17:20 +0930 (CST)
From: Peter Childs <pjchilds@imforei.apana.org.au>
To: davidn@sdev.blaze.net.au, freebsd-security@freebsd.org
Subject: Re: Could use a favor
Message-ID: <199609180747.RAA07256@al.imforei.apana.org.au>
In article <Pine.BSF.3.95.960918160936.2777O-100000@sdev.blaze.net.au> you wrote:
: >Sure there is:
: >
: >By default all is off. To open (dangerous!!!)

: I'm familiar with the theory of firewalls, but have never run
: one so I lack the experience to fully understand this. But this
: reply caught my attention.

: Why is an (effectively) disabled firewall "dangerous"? Is it more
: "dangerous" or exposed to security problems than a machine that
: has been configured without a firewall at all?

No. With the firewall code totally disabled the machine is
identical to a machine without firewalling in place.

The person above is trying to state that by default all is off,
as in all packets are denied.

The reason there is a default policy for denying all packets is
for those people who use the firewalling features.

Consider the situation where you are using a machine running
FreeBSD on a machine as part of your firewall. You only want
selective packets to be passed. If your machine boots up with a
default policy of "let everything through" then for the time
between your interface being initialized/configured and your
rules being enforced/entered you've just made a large hole in
your security.

Regards,
Peter

--
Peter Childs --- http://www.imforei.apana.org.au/~pjchilds
Finger pjchilds@al.imforei.apana.org.au for public PGP key
Drag me, drop me, treat me like an object!
