Date: Tue, 20 Feb 2001 11:54:31 -0800 (PST) From: Nick Sayer <nsayer@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/etc rc.firewall Message-ID: <200102201954.f1KJsV934620@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
nsayer 2001/02/20 11:54:31 PST Modified files: etc rc.firewall Log: Fix some glaring insecurities in the prototype firewall configurations. pass udp from any 53 to ${oip} allows an attacker to access ANY local port by simply binding his local side to 53. The state keeping mechanism is the correct way to allow DNS replies to go back to their source. Revision Changes Path 1.39 +5 -9 src/etc/rc.firewall To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102201954.f1KJsV934620>