Date: Tue, 12 Jun 2001 19:24:48 -0500
From: "Thomas T. Veldhouse" <veldy@visi.com>
To: "Antoine Beaupre (LMC)" <Antoine.Beaupre@ericsson.ca>
Cc: <freebsd-security@freebsd.org>
Subject: Re: IPFW almost works now.
Message-ID: <001a01c0f39f$4182e1a0$0101a8c0@cascade>
References: <657B20E93E93D4118F9700D0B73CE3EA0166D97D@goofy.epylon.lan> <01fe01c0f37e$c5948e10$3028680a@tgt.com> <3B267EDA.9070605@lmc.ericsson.se>

Use stateful rules -- they keep track of that and open the ports dynamically.

man ipfw

Look for "keep-state"

Tom Veldhouse
veldy@veldy.net

----- Original Message -----
From: "Antoine Beaupre (LMC)" <Antoine.Beaupre@ericsson.ca>
To: "Thomas T. Veldhouse" <veldy@veldy.net>
Cc: "Jason DiCioccio" <Jason.DiCioccio@Epylon.com>; <freebsd-security@FreeBSD.ORG>
Sent: Tuesday, June 12, 2001 3:43 PM
Subject: Re: IPFW almost works now.

> Thomas T. Veldhouse wrote:
>
> > No you don't. My servers run fine for active and I DON'T allow access to
> > all inbound above 1024.
>
> But you do need to allow outbound above 1024, right?
>
> > Open up tcp/20 and tcp/21 statefully and you will be rocking and rolling.
>
> yee-ha.
>
> --
> Semantics is the gravity of abstraction.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
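
The stateful approach suggested in the reply above, sketched as an ipfw rules file for an active-mode FTP server. This is an added example, not part of the original message; the rule numbers, the use of `me` for the server's own addresses, and the closing deny rule are assumptions.

```conf
# Assumed layout: one ipfw command per line, without the leading "ipfw".
# Rule numbers are arbitrary and only fix the evaluation order.

# Packets belonging to a flow that already has a dynamic rule
# (created by keep-state below) are accepted here.
add 1000 check-state

# Control channel: clients open connections to the server on tcp/21.
# "setup" matches only the initial SYN; keep-state then creates a
# dynamic rule that covers the rest of that connection in both directions.
add 1100 allow tcp from any to me 21 in setup keep-state

# Active-mode data channel: the server opens the connection from tcp/20
# to the port the client announced. The dynamic rule admits the client's
# replies, so no static inbound rule for high ports is needed.
add 1200 allow tcp from me 20 to any 1024-65535 out setup keep-state

# Stateless alternative discussed in the thread, shown for contrast only:
# it exposes every service listening above 1024, FTP-related or not.
# add 1200 allow tcp from any to me 1024-65535 in

# Any other inbound TCP is refused.
add 65000 deny tcp from any to me in
```

Once loaded, `ipfw -d show` lists the dynamic rules alongside the static ones, which is a quick way to confirm that the data connections are being tracked.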