Date: Sun, 5 Feb 2012 13:16:35 -0500 From: Eitan Adler <lists@eitanadler.com> To: Bill Tillman <btillman99@yahoo.com> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: HowTo easy use IPFW Message-ID: <CAF6rxgnni93wChmZME-_4DxaCiBt%2BdsvyVd3h2V1L=xpS=%2BZog@mail.gmail.com> In-Reply-To: <1328443513.34131.YahooMailNeo@web36505.mail.mud.yahoo.com> References: <67410574.20120202113314@yandex.ru> <4F2E274F.6000601@freebsd.org> <4F2E2C97.7000400@freebsd.org> <1328443513.34131.YahooMailNeo@web36505.mail.mud.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Feb 5, 2012 at 7:05 AM, Bill Tillman <btillman99@yahoo.com> wrote: > The only truly safe firewall ruleset consists of one rule and that is: > > =C2=A0deny all from any to any This ruleset is potentially a denial of service attack if the system is intended to do certain useful things. You can't talk about "only truly safe firewall ruleset" without also talking about your threat model (and intended functionality). --=20 Eitan Adler
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxgnni93wChmZME-_4DxaCiBt%2BdsvyVd3h2V1L=xpS=%2BZog>