Date:      Tue, 24 Oct 2000 22:43:13 -0700
From:      "Crist J . Clark" <cjclark@reflexnet.net>
To:        Mike Hoskins <mike@adept.org>
Cc:        Andrew Johns <johnsa@kpi.com.au>, peter@sysadmin-inc.com, freebsd-security@FreeBSD.ORG
Subject:   Re: request for example rc.firewall script
Message-ID:  <20001024224313.X75251@149.211.6.64.reflexcom.com>
In-Reply-To: <20001025034912.7190E9EE01@snafu.adept.org>; from mike@adept.org on Tue, Oct 24, 2000 at 08:49:12PM -0700
References:  <20001025034912.7190E9EE01@snafu.adept.org>

On Tue, Oct 24, 2000 at 08:49:12PM -0700, Mike Hoskins wrote:
> > b) Forget the RFC1918 deny's and only allow specific target IP/ports
> > through and explicitly deny everything else.
> 
> My personal favorite, I.e.:
> 
> check-state
> allow ip from a.b.c.d to any keep-state
> allow ip from x.y.z.z/24 to any keep-state

Eep! You've left yourself _very_ vulnerable to spoofing.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
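
One reading of the spoofing concern, as an added example that is not part of the original message: the quoted allow rules match on source address alone, so a packet arriving on the outside interface with a forged trusted source would be passed and create dynamic state. The sketch below assumes `fxp0` is the outside interface and substitutes constructed documentation addresses for `a.b.c.d` and `x.y.z.z/24`; it prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed/constructed values:
#   oif     - outside interface name (fxp0 is a placeholder)
#   trusted - 192.0.2.10 stands in for a.b.c.d,
#             198.51.100.0/24 stands in for x.y.z.z/24
# Dry run by default: rules are echoed. Set fwcmd=/sbin/ipfw to load them.
fwcmd="${fwcmd:-echo ipfw}"
oif="${oif:-fxp0}"
trusted="${trusted:-192.0.2.10 198.51.100.0/24}"

# The ruleset as quoted in the message: the only test is the source address,
# so the rules match no matter which interface the packet arrived on.
quoted_rules() {
    ${fwcmd} add check-state
    for src in ${trusted}; do
        ${fwcmd} add allow ip from "${src}" to any keep-state
    done
}

# Same ruleset with ingress anti-spoofing placed first: a packet that claims
# a trusted source but arrives on the outside interface is dropped before
# check-state or any keep-state rule can see it.
antispoof_rules() {
    for src in ${trusted}; do
        ${fwcmd} add deny ip from "${src}" to any in via "${oif}"
    done
    quoted_rules
}

antispoof_rules
```

The interface check only helps for sources that never legitimately arrive through `oif`; a trusted address that really lives beyond the outside interface cannot be told apart from a forgery this way.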

