Date: Sat, 3 Nov 2001 01:15:04 -0500 From: Louis LeBlanc <leblanc+freebsd@keyslapper.org> To: freebsd-questions@FreeBSD.org Subject: installing ports, passive ftp, and a firewall - is this a bad rule? Message-ID: <20011103011503.A5225@keyslapper.org>
next in thread | raw e-mail | index | archive | help
--xHFwDpU9dbj6ez1V Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hey folks. Small firewall/portupgrade question. I have found that when installing a port (I usually do this via portupgrade -RN), I often get ipfw packed blocks, which can make the port install take forever. I have found that adding the following rule often helps: ipfw add xxxx allow ip from any to any out xxxx is usually chosen after examining the ipfw show output. I wedge it in right before all the default deny rules at the end. Now the question: Obviously this is a passive ftp issue, and that rule helps, but is it a good idea to use a rule like that? I don't want to just use it and open up some kind of hole I'm not aware of. Any ideas, opinions, etc. are welcome. TIA Lou --=20 Louis LeBlanc leblanc@keyslapper.org Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org =D4=BF=D4=AC Never worry about theory as long as the machinery does what it's supposed t= o do. -- R. A. Heinlein --xHFwDpU9dbj6ez1V Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE744tneAPWYrNkRWIRArPzAJ4h9oa/JCCOYQTVjoHkDyRKLr8PbACfRLFY uuLYuBaD6gxaneslb6Fjlpw= =H90D -----END PGP SIGNATURE----- --xHFwDpU9dbj6ez1V-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011103011503.A5225>