Date: Wed, 18 Sep 1996 18:25:19 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: David Nugent <davidn@sdev.blaze.net.au>
Cc: hackers@freebsd.org, security@freebsd.org
Subject: Re: Could use a favor
Message-ID: <Pine.BSF.3.91.960918175734.3641B-100000@panda.hilink.com.au>
In-Reply-To: <Pine.BSF.3.95.960918160936.2777O-100000@sdev.blaze.net.au>
On Wed, 18 Sep 1996, David Nugent wrote:

> I'm familiar with the theory of firewalls, but have never run
> one so I lack the experience to fully understand this. But this
> reply caught my attention.
>
> Why is an (effectively) disabled firewall "dangerous"? Is it more
> "dangerous" or exposed to security problems than a machine that
> has been configured without a firewall at all?
>
> It's just that it seems that limited firewalls are quite useful -
> particularly for port redirection and so forth, and in particular
> for preventing outgoing and incoming spam-email abusers. If
> putting the firewall in place without being fully enabled is
> "dangerous", then I certainly want to know just how dangerous
> that is before I go ahead and do it.

I think it is simply a matter of if you configure IPFIREWALL into the
kernel and then believe you are protected, then it is dangerous.

Ugen's ipfw originally had default policy open; Poul-Henning changed this
to closed when he did a code revamp. I think Poul-Henning has done the
right thing, but it is a bit confusing when one meets a "Permission denied"
error when trying to ping another machine. Hence my submission of some
minor mods to netstart and sysconfig which tell the user what s/he has
done wrong.

Danny