Date: Wed, 18 Sep 1996 16:14:38 +0000
From: David Nugent <davidn@sdev.blaze.net.au>
To: Ollivier Robert <roberto@keltia.freenix.fr>
Cc: hackers@freebsd.org, security@freebsd.org
Subject: Re: Could use a favor
Message-ID: <Pine.BSF.3.95.960918160936.2777O-100000@sdev.blaze.net.au>
In-Reply-To: <199609161856.UAA03226@keltia.freenix.fr>

On Mon, 16 Sep 1996, Ollivier Robert wrote:

>> The only conclusion I have come at is that it is to allow only things
>> that you especially allow to happen... The bad thing is that there is no
>> switch to switch the firewall on/off. You compile a new kernel with the
>> option for firewall and suddenly it accepts nothing over the network.
>
>Sure there is:
>
>By default all is off. To open (dangerous!!!)
>
>ipfw add 65000 pass all from any to any
>
>To close it again:
>
>ipfw delete 65000

I'm familiar with the theory of firewalls, but have never run one, so I
lack the experience to fully understand this. But this reply caught my
attention.

Why is an (effectively) disabled firewall "dangerous"? Is it more
"dangerous" or exposed to security problems than a machine that has
been configured without a firewall at all?

It's just that it seems that limited firewalls are quite useful -
particularly for port redirection and so forth, and in particular
for preventing outgoing and incoming spam-email abusers. If putting
the firewall in place without being fully enabled is "dangerous", then
I certainly want to know just how dangerous that is before I go
ahead and do it.

David Nugent, Unique Computing Pty Ltd - Melbourne, Australia
Voice +61-3-791-9547  Data/BBS +61-3-792-3507  3:632/348@fidonet
davidn@blaze.net.au  http://www.blaze.net.au/~davidn