Date: Sun, 9 Dec 2018 12:37:36 -0600
From: Tim Daneliuk <tundra@tundraware.com>
To: Michael Sierchio <kudzu@tenebras.com>, FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Change IPFW default to allow
Message-ID: <5ad099ae-6328-5cce-cc59-f0bf0245ca64@tundraware.com>
In-Reply-To: <CAHu1Y72L4yrgz_v5qS_vwdu3z1AeLaqHyM7NWOkrkJyNZODNDg@mail.gmail.com>
References: <5C0D594C.2060407@gmail.com> <5C0D5BAB.5040404@gmail.com> <CAHu1Y72L4yrgz_v5qS_vwdu3z1AeLaqHyM7NWOkrkJyNZODNDg@mail.gmail.com>

On 12/9/18 12:29 PM, Michael Sierchio wrote:
> Default to accept merely means that the default rule - rule 65535 - permits
> all traffic.

Also a good point. The risk is directly proportional to how many open ports exist on the machine in the first place.

For many years I ran a NATDing boundary machine with NO firewall. The very few things that were actually up and listening were all managed via hosts.allow entries and THAT defaulted to Do Not Allow. In over a decade of running this way, that machine was never even slightly compromised...

--
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/