Date: Tue, 20 Feb 2001 11:54:31 -0800 (PST)
From: Nick Sayer <nsayer@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/etc rc.firewall
Message-ID: <200102201954.f1KJsV934620@freefall.freebsd.org>

nsayer      2001/02/20 11:54:31 PST

  Modified files:
    etc                  rc.firewall
  Log:
  Fix some glaring insecurities in the prototype firewall configurations.

  pass udp from any 53 to ${oip}

  allows an attacker to access ANY local port by simply binding his local
  side to 53. The state keeping mechanism is the correct way to allow DNS
  replies to go back to their source.

  Revision  Changes    Path
  1.39      +5 -9      src/etc/rc.firewall
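
The difference between the stateless rule quoted in the log and state keeping, as an added example that is not part of the commit message or of rc.firewall: a small Python model of the two filtering decisions applied to the same inbound packets. The addresses, port numbers, and the keep-state rule form named in the comments are assumptions made for illustration; expiry of dynamic state is not modelled.

```python
from collections import namedtuple

# Constructed sample addresses (documentation ranges), not taken from the commit.
OIP = "192.0.2.10"          # stands in for ${oip}, the firewall's outside address
RESOLVER = "198.51.100.53"  # a DNS server the host queries
OTHER = "203.0.113.66"      # an unrelated remote host

Packet = namedtuple("Packet", "src sport dst dport")


def stateless_pass(pkt):
    """Models the rule from the log: pass udp from any 53 to ${oip}.
    Only the source port and destination address are examined."""
    return pkt.sport == 53 and pkt.dst == OIP


class StatefulFilter:
    """Models an outbound-only DNS rule with state keeping (assumed form:
    pass udp from ${oip} to any 53 keep-state)."""

    def __init__(self):
        self.states = set()  # flows opened by the host's own queries

    def outbound(self, pkt):
        if pkt.src == OIP and pkt.dport == 53:
            self.states.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False

    def inbound(self, pkt):
        # A reply passes only if it mirrors a recorded outbound flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.states


def evaluate():
    """Return {name: (stateless verdict, stateful verdict)} per inbound packet."""
    fw = StatefulFilter()
    fw.outbound(Packet(OIP, 40000, RESOLVER, 53))  # host sends one DNS query
    inbound = {
        "dns_reply": Packet(RESOLVER, 53, OIP, 40000),
        "sport53_unrelated_host": Packet(OTHER, 53, OIP, 2049),
        "sport53_wrong_port": Packet(RESOLVER, 53, OIP, 2049),
    }
    return {n: (stateless_pass(p), fw.inbound(p)) for n, p in inbound.items()}


if __name__ == "__main__":
    for name, (stateless, stateful) in evaluate().items():
        print(f"{name:24} stateless={stateless!s:5} stateful={stateful}")
```

The stateless rule passes all three packets because source port 53 is the only thing it checks; the stateful filter passes only the reply that matches the query the host actually sent.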
