Date: Sat, 04 Oct 2003 13:16:18 -0400 From: Chuck Swiger <cswiger@mac.com> To: Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl> Cc: freebsd-ipfw@freebsd.org Subject: Re: When to use setup keyword? Message-ID: <3F7F0062.5000206@mac.com> In-Reply-To: <006b01c38a90$dea3b420$6ba55982@gog> References: <006b01c38a90$dea3b420$6ba55982@gog>
next in thread | previous in thread | raw e-mail | index | archive | help
Roderick van Domburg wrote: > Hello everyone, > > I was pondering if blindly trailing every tcp rule with the 'setup' keyword > would incur any performance loss or security hazard. It would incur a security hazard. Any tool which performs "stealth" scans (ie, such as nmap's default scan mode) would go right past your firewall rules. -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F7F0062.5000206>