From owner-freebsd-current Mon Aug 16 20:43:18 1999 Delivered-To: freebsd-current@freebsd.org Received: from cain.gsoft.com.au (genesi.lnk.telstra.net [139.130.136.161]) by hub.freebsd.org (Postfix) with ESMTP id ED7EA14CC0 for ; Mon, 16 Aug 1999 20:43:09 -0700 (PDT) (envelope-from doconnor@gsoft.com.au) Received: from cain.gsoft.com.au (doconnor@cain [203.38.152.97]) by cain.gsoft.com.au (8.8.8/8.8.8) with ESMTP id NAA00408; Tue, 17 Aug 1999 13:12:27 +0930 (CST) (envelope-from doconnor@gsoft.com.au) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="_=XFMail.1.3.p0.FreeBSD:990817131226:5835=_"; micalg=pgp-md5; protocol="application/pgp-signature" In-Reply-To: <199908170337.UAA10246@gndrsh.dnsmgr.net> Date: Tue, 17 Aug 1999 13:12:26 +0930 (CST) From: "Daniel O'Connor" To: "Rodney W. Grimes" Subject: Re: Dropping connections without RST Cc: current@FreeBSD.ORG, (Archie Cobbs) Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG This message is in MIME format --_=XFMail.1.3.p0.FreeBSD:990817131226:5835=_ Content-Type: text/plain; charset=us-ascii On 17-Aug-99 Rodney W. Grimes wrote: > I kinda like the idea of this, but can't that really just > be done easily with a few ipfw rules, the last two being > the important ones: > > for port in "22 53" ; do > ipfw add allow udp from any to ${myip} ${port} > ipfw add allow udp from ${myip} ${port} to any > ipfw add allow tcp from any to ${myip} ${port} > ipfw add allow tcp from ${myip} ${port} to any > done > ipfw add deny udp from any to ${myip} > ipfw add deny tcp from any to ${myip} > > Why should we special case this? Because this doesn't work for non-passive FTP for starters.. --- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum --_=XFMail.1.3.p0.FreeBSD:990817131226:5835=_ Content-Type: application/pgp-signature -----BEGIN PGP MESSAGE----- Version: 2.6.3ia iQCVAwUBN7jaIlbYW/HEoF9pAQH6QAQAoTmZcUEGXE+v139G4emHdqJovZHgnfK2 ZAuhkFIxRIs+xcEphyKd8F4FMv33W8p8p9X9cVUkMIHB4gOb7emHEO5QBlE+S3wk n9uPSFdHctByiRoCj5n257OsY10MPsaQw7n6N8lE0slyd5vhcX8gdQjzsTZbIps2 swrE48SxhFE= =JHp4 -----END PGP MESSAGE----- --_=XFMail.1.3.p0.FreeBSD:990817131226:5835=_-- End of MIME message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message