Date: Thu, 30 Nov 2000 11:35:15 +0000
From: Rasputin <rasputin@FreeBSD-uk.eu.org>
To: freebsd-security@freebsd.org
Subject: Re: NATD: failed to write packet back (Permission denied)
Message-ID: <20001130113515.A72030@dogma.freebsd-uk.eu.org>
In-Reply-To: <14885.22348.875384.616155@nomad.yogotech.com>; from nate@yogotech.com on Wed, Nov 29, 2000 at 12:21:48PM -0700
References: <20001126140033.E70192@149.211.6.64.reflexcom.com>
    <3A218C5B.9F677E51@FreeBSD.org>
    <200011270130.UAA88239@khavrinen.lcs.mit.edu>
    <3A221402.D88321D8@softweyr.com>
    <14882.49100.131730.989201@nomad.yogotech.com>
    <3A24AC77.51EF28C@softweyr.com>
    <200011291507.KAA16392@khavrinen.lcs.mit.edu>
    <3A253A44.D7EA9113@softweyr.com>
    <200011291802.NAA17650@khavrinen.lcs.mit.edu>
    <14885.22348.875384.616155@nomad.yogotech.com>

On Wed, Nov 29, 2000 at 12:21:48PM -0700, Nate Williams wrote:
> > > But you keep saying "on my home machine" and seem to insist that having
> > > a single machine on the internet at home is somehow normal.
> >
> > To a large fraction of the world's population, having a ``home
> > machine'' of any kind is out of the ordinary. Most of the people who
> > have net access today have only one computer.
> >
> > In any case, the actual number doesn't make much difference -- the
> > same argument (that you are perfectly capable of setting up your
> > machines securely) still holds.
>
> And it involves installing a firewall on it, in case your
> configuration isn't as secure as you'd like it to be. (Because of
> forgetfulness, lack of information, etc...)
>
> Many, many, many home users now have 'full-time' connections to the
> internet, which means that accidental misconfigurations can easily be
> prevented by using a simple firewall ruleset, such as the one that comes
> 'out of the box' with FreeBSD today.

Hear hear.

There are many network services that don't run from
inetd/tcp-wrappers/etc, having their own (dubious?) security mechanisms.

It's safer to block inbound access to that port if unneeded, especially
if you don't have time to wade through cryptic access restriction docs.
I trust BSD's TCP stack more than $APPLICATION.

And to be blunt, it's *my* 'home PC', so I'll run what the hell I like
on it, thanks all the same. If it upsets you, tough. It's not *your*
data at risk, is it?

Can we pack this thread in now please?

-- 
Rasputin
Jack of All Trades :: Master of Nuns