Date:      Fri, 19 Jul 2002 22:42:25 +0200 (CEST)
From:      "Arvinn Løkkebakken" <arvinn@whitebird.no>
To:        <Mark.Andrews@isc.org>
Cc:        <bart@dreamflow.nl>, <markd@cogeco.ca>, <security@FreeBSD.ORG>
Subject:   Re: ipfw and it's glory...
Message-ID:  <4210.217.118.33.65.1027111345.squirrel@everlast.whitebird.no>
In-Reply-To: <200207170729.g6H7TtJe081341@drugs.dv.isc.org>
References:  Your message of "Wed, 17 Jul 2002 09:03:49 +0200." <200207170729.g6H7TtJe081341@drugs.dv.isc.org>

>> # Allow "local" traffic
>> ipfw add allow all from any to any via lo0
>>
>> # Allow all outgoing traffic
>> ipfw add allow all from any to any out
>
> 	This is a bad idea.  You should only allow out what you
> 	will accept back in.   If you don't you will eventually be
> 	guilty of pounding some poor server because you haven't
> 	allowed the answers to come back.

I can't see why that's a bad idea. ipfw does allow TCP ACKs back through
the firewall, doesn't it? What do you mean, only allow out what you will
accept in? The source and destination ports never have the same port
numbers anyway.

Arvinn
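To make the disagreement concrete, here is a small Python model of ipfw's first-match rule evaluation (added here; it is not code from the thread or from FreeBSD). It runs the quoted "allow all from any to any out" ruleset against an outbound TCP SYN and the server's SYN/ACK reply, then runs a stateful variant using ipfw's real `check-state` and `keep-state` keywords; the `lo0` rule is omitted and the addresses are constructed from documentation ranges.

```python
# Added example: a toy model of ipfw first-match evaluation with a dynamic
# (keep-state) table. It is not ipfw itself; it only reproduces the rule
# semantics needed to show why "allow ... out" alone drops reply packets.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out"
    src: str
    sport: int
    dst: str
    dport: int

def evaluate(rules, pkt, dyn):
    """Return the action for pkt under first-match evaluation.

    rules: list of (action, direction, keep_state); action is "allow",
           "deny" or "check-state". dyn: the dynamic rule table (a set).
    """
    flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
    reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
    for action, direction, keep_state in rules:
        if action == "check-state":
            if flow in dyn or reverse in dyn:
                return "allow"        # a dynamic rule matches either direction
            continue
        if direction in ("any", pkt.direction):
            if keep_state:
                dyn.add(flow)         # remember the flow that opened the session
            return action
    return "deny"                     # nothing matched: treat as a closed firewall

# Constructed traffic: a client behind the firewall opens a connection,
# and the remote server answers with a SYN/ACK.
SYN = Packet("out", "192.0.2.10", 40000, "198.51.100.5", 80)
SYNACK = Packet("in", "198.51.100.5", 80, "192.0.2.10", 40000)

def run(rules):
    dyn = set()
    return evaluate(rules, SYN, dyn), evaluate(rules, SYNACK, dyn)

# The quoted ruleset: "ipfw add allow all from any to any out", no "in" rule.
STATELESS = [("allow", "out", False), ("deny", "any", False)]
# Stateful form: "ipfw add check-state" then
# "ipfw add allow tcp from any to any out keep-state".
STATEFUL = [("check-state", "any", False), ("allow", "out", True), ("deny", "any", False)]

if __name__ == "__main__":
    print("stateless:", run(STATELESS))   # ('allow', 'deny')
    print("stateful: ", run(STATEFUL))    # ('allow', 'allow')
```

With the stateless rules the SYN leaves but the SYN/ACK is dropped, which is the retransmit-and-hammer behaviour the reply warns about; the stateful rules admit the reply only because the outbound packet created a dynamic entry.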


