Date: Tue, 17 Aug 1999 13:12:26 +0930 (CST) From: "Daniel O'Connor" <doconnor@gsoft.com.au> To: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> Cc: current@FreeBSD.ORG, (Archie Cobbs) <archie@whistle.com> Subject: Re: Dropping connections without RST Message-ID: <XFMail.990817131226.doconnor@gsoft.com.au> In-Reply-To: <199908170337.UAA10246@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On 17-Aug-99 Rodney W. Grimes wrote:
> I kinda like the idea of this, but can't that really just
> be done easily with a few ipfw rules, the last two being
> the important ones:
>
> for port in "22 53" ; do
> ipfw add allow udp from any to ${myip} ${port}
> ipfw add allow udp from ${myip} ${port} to any
> ipfw add allow tcp from any to ${myip} ${port}
> ipfw add allow tcp from ${myip} ${port} to any
> done
> ipfw add deny udp from any to ${myip}
> ipfw add deny tcp from any to ${myip}
>
> Why should we special case this?
Because this doesn't work for non-passive FTP for starters..
---
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum
[-- Attachment #2 --]
-----BEGIN PGP MESSAGE-----
Version: 2.6.3ia
iQCVAwUBN7jaIlbYW/HEoF9pAQH6QAQAoTmZcUEGXE+v139G4emHdqJovZHgnfK2
ZAuhkFIxRIs+xcEphyKd8F4FMv33W8p8p9X9cVUkMIHB4gOb7emHEO5QBlE+S3wk
n9uPSFdHctByiRoCj5n257OsY10MPsaQw7n6N8lE0slyd5vhcX8gdQjzsTZbIps2
swrE48SxhFE=
=JHp4
-----END PGP MESSAGE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.990817131226.doconnor>