Date: Sat, 3 Nov 2001 01:15:04 -0500
From: Louis LeBlanc
To: freebsd-questions@FreeBSD.org
Subject: installing ports, passive ftp, and a firewall - is this a bad rule?
Message-ID: <20011103011503.A5225@keyslapper.org>

Hey folks.

Small firewall/portupgrade question. I have found that when installing a port (I usually do this via portupgrade -RN), I often get ipfw packet blocks, which can make the port install take forever. I have found that adding the following rule often helps:

    ipfw add xxxx allow ip from any to any out

xxxx is usually chosen after examining the ipfw show output. I wedge it in right before all the default deny rules at the end.

Now the question: Obviously this is a passive ftp issue, and that rule helps, but is it a good idea to use a rule like that? I don't want to just use it and open up some kind of hole I'm not aware of.

Any ideas, opinions, etc. are welcome.

TIA
Lou
-- 
Louis LeBlanc leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://www.keyslapper.org Ô¿Ô¬

Never worry about theory as long as the machinery does what it's supposed to do.
-- R. A. Heinlein