From owner-freebsd-questions@FreeBSD.ORG  Fri Jul  4 05:35:53 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 30ED537B401
	for <freebsd-questions@freebsd.org>;
	Fri,  4 Jul 2003 05:35:53 -0700 (PDT)
Received: from relay1.ntu-kpi.kiev.ua (oberon.ntu-kpi.kiev.ua
	[195.245.194.35])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5915143FE9
	for <freebsd-questions@freebsd.org>;
	Fri,  4 Jul 2003 05:35:42 -0700 (PDT)
	(envelope-from simon@comsys.ntu-kpi.kiev.ua)
Received: from comsys.ntu-kpi.kiev.ua (eth0.comsys.ntu-kpi.kiev.ua
	[10.0.1.184])	by relay1.ntu-kpi.kiev.ua (Postfix) with ESMTP
	id 3DDB11A2D5; Fri,  4 Jul 2003 15:35:18 +0300 (EEST)
Received: from pm514-9.comsys.ntu-kpi.kiev.ua (pm514-9.comsys.ntu-kpi.kiev.ua
	[10.18.54.109])
	by comsys.ntu-kpi.kiev.ua (8.11.6/8.11.6) with ESMTP id h64CeBv07530;
	Fri, 4 Jul 2003 15:40:11 +0300 (EEST)
Received: by pm514-9.comsys.ntu-kpi.kiev.ua (Postfix, from userid 1000)
	id 063E020F; Fri,  4 Jul 2003 15:34:34 +0300 (EEST)
From: Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
To: Dan Phiffer <dphiffer@hmc.edu>
In-Reply-To: <Pine.LNX.4.33.0307021429340.22146-100000@odin.ac.hmc.edu.lucky.freebsd.questions>
X-Newsgroups: lucky.freebsd.questions
User-Agent: tin/1.5.18-20030602 ("Darts") (UNIX) (FreeBSD/4.8-STABLE (i386))
Message-Id: <20030704123434.063E020F@pm514-9.comsys.ntu-kpi.kiev.ua>
Date: Fri,  4 Jul 2003 15:34:34 +0300 (EEST)
cc: freebsd-questions@freebsd.org
Subject: Re: ipfw troubles
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jul 2003 12:35:53 -0000

On Thu, 3 Jul 2003 00:02:17 +0000 (UTC) in lucky.freebsd.questions, Dan Phiffer wrote:
> I guess this means I'm not serving DHCP - what kind of rule would fix
> that? I read somewhere that simply using natd adds statefulness to an
> otherwise stateless ipfw configuration. Would an unstateful ipfw setup be
> less secure in this case?
> 

It is always a good thing to add last ``deny'' rule with ``log'', so
you can see which packets are denied by the Firewall.