Message-ID: <543BF1D4.5060403@freebsd.org>
Date: Mon, 13 Oct 2014 11:37:56 -0400
From: Allan Jude
To: freebsd-current@freebsd.org
Subject: Re: Proposal for adding "firewall_myservices_udp" in etc/rc.conf

On 2014-10-10 16:38, Olivier Cochard-Labbé wrote:
> For a simple workstation, we can use this simple configuration in
> /etc/rc.conf:
> firewall_type="workstation"
> firewall_enable="YES"
> firewall_myservices="22,80"
> firewall_allowservices="any"
>
> But the firewall_myservices allows only TCP services.
> It's not possible to declare UDP services (like a torrent client).
>
> This patch proposes to add UDP services by 2 changes:
> 1. firewall_myservices became a deprecated alias, the new is
> firewall_myservices_tcp
> 2. A new firewall_myservices_udp variable is added.
>
> Patch attached to PR194292:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194292
>
> What do you think?

I see this as quite reasonable. I'll add some notes about it to the
handbook if the patch is accepted.

--
Allan Jude
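Added example, not part of the thread and not the patch from PR194292: a sketch of how the two proposed variables, with firewall_myservices kept as a deprecated alias, could expand into per-protocol pass rules. The rule shape, the helper names (valid_ports, emit_proto, gen_rules) and the UDP port value are assumptions made for illustration; the script only prints rules and never calls ipfw.

```sh
#!/bin/sh
# Illustrative sketch only: NOT FreeBSD's rc.firewall and NOT the PR194292 patch.

# Constructed sample settings, modelled on the rc.conf in the message above.
firewall_allowservices="any"
firewall_myservices="22,80"      # old name, proposed to become a deprecated alias
firewall_myservices_tcp=""       # proposed new name, left unset here
firewall_myservices_udp="6881"   # constructed UDP port for illustration

# valid_ports: accept only digits, commas and ranges (22,80 or 6000-6010).
# Anything else is rejected so it never reaches a firewall command line.
valid_ports() {
    case "$1" in
        ""|*[!0-9,-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# emit_proto PROTO SOURCE PORTSPEC...: print one rule per port specification.
emit_proto() {
    ep_proto=$1
    ep_src=$2
    shift 2
    for ep_ports in "$@"; do
        if valid_ports "$ep_ports"; then
            echo "ipfw add pass $ep_proto from $ep_src to me $ep_ports"
        else
            echo "skipping invalid $ep_proto port spec: $ep_ports" >&2
        fi
    done
}

# gen_rules: print the rules for every allowed source, TCP first, then UDP.
gen_rules() {
    # Fall back to the deprecated alias when the new TCP variable is empty.
    gr_tcp="${firewall_myservices_tcp:-$firewall_myservices}"
    for gr_src in $firewall_allowservices; do
        # Unquoted on purpose: whitespace-separated port lists become arguments.
        emit_proto tcp "$gr_src" $gr_tcp
        emit_proto udp "$gr_src" $firewall_myservices_udp
    done
}

gen_rules
```

With firewall_allowservices="any", every listed port is reachable from any source address on both protocols, so the printed rules are a quick way to review exposure before enabling the firewall.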