From: "Thomas T. Veldhouse"
To: "Antoine Beaupre (LMC)"
Sender: owner-freebsd-security@FreeBSD.ORG
Subject: Re: IPFW almost works now.
Date: Tue, 12 Jun 2001 19:24:48 -0500

Use stateful rules -- they keep track of that and open the ports dynamically.

man ipfw

Look for "keep-state"

Tom Veldhouse
veldy@veldy.net

----- Original Message -----
From: "Antoine Beaupre (LMC)"
To: "Thomas T. Veldhouse"
Cc: "Jason DiCioccio"
Sent: Tuesday, June 12, 2001 3:43 PM
Subject: Re: IPFW almost works now.

> Thomas T. Veldhouse wrote:
>
> > No you don't. My servers run fine for active and I DON'T allow access to
> > all inbound above 1024.
>
> But you do need to allow outbound above 1024, right?
>
> > Open up tcp/20 and tcp/21 statefully and you will be rocking and rolling.
>
> yee-ha.
>
> --
> Semantics is the gravity of abstraction.
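The stateful setup recommended in this thread, written out as an added example (not from either poster): ipfw rules for an active-mode FTP server that open tcp/21 inbound and tcp/20 outbound with keep-state instead of allowing all inbound ports above 1024. The rule numbers, the function name ftp_stateful_rules and the dry-run IPFW wrapper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: stateful ipfw rules for an active-mode FTP server.
# Rule numbers and the dry-run wrapper are assumptions, not from the thread.

# Dry run by default: each command is printed instead of executed.
# Set IPFW=/sbin/ipfw in the environment to load the rules for real.
IPFW="${IPFW:-echo ipfw}"

ftp_stateful_rules() {
    # Packets belonging to a connection already recorded by a keep-state
    # rule below are matched here and accepted before any later rule.
    $IPFW add 1000 check-state

    # Control channel: clients connect in to tcp/21. "setup" matches only
    # the initial SYN; keep-state creates the dynamic rule for the rest.
    $IPFW add 1100 allow tcp from any to me 21 setup keep-state

    # Active-mode data channel: the server connects out from tcp/20 to
    # whatever port the client announced. The return traffic is covered
    # by the dynamic rule, so no static inbound high-port rule is needed.
    $IPFW add 1200 allow tcp from me 20 to any setup keep-state

    # New inbound connections to high ports are refused outright.
    $IPFW add 1900 deny tcp from any to me 1024-65535 in setup
}

ftp_stateful_rules
```

Run as-is it only prints the four commands; replies on the data connection reach the server through the dynamic rule checked at 1000, never through a blanket high-port allow.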