From: Doug Barton
Date: Thu, 24 May 2001 22:40:41 -0700
To: Ted Mittelstaedt
Cc: Steve Price, questions@FreeBSD.ORG
Subject: Re: reloading firewall rules remotely

Ted Mittelstaedt wrote:

> But, most security authorities feel that the explicit deny is
> much safer for an Internet firewall. Keep this in mind when
> creating your rule set.

Hmmm.... I thought I allowed for this possibility in my post, but thank you for beating it thoroughly to death.