Date:      Tue, 20 Feb 2001 11:54:31 -0800 (PST)
From:      Nick Sayer <nsayer@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/etc rc.firewall
Message-ID:  <200102201954.f1KJsV934620@freefall.freebsd.org>

nsayer      2001/02/20 11:54:31 PST

  Modified files:
    etc                  rc.firewall 
  Log:
  Fix some glaring insecurities in the prototype firewall configurations.
  
  pass udp from any 53 to ${oip}
  
  allows an attacker to access ANY local port by simply binding his local
  side to 53. The state keeping mechanism is the correct way to allow DNS
  replies to go back to their source.
  
  Revision  Changes    Path
  1.39      +5 -9      src/etc/rc.firewall
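
An added illustration, not part of the original commit message or of rc.firewall: a toy Python model that contrasts the removed stateless rule with a state-keeping filter. The addresses, ports, class and function names are constructed for this example, and the model simplifies a real state table (for instance, entries never expire).

```python
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int


OIP = "192.0.2.10"  # constructed stand-in for ${oip} (documentation address)


def stateless_allows(pkt: Packet) -> bool:
    """Model of the removed rule: pass udp from any 53 to ${oip}.
    Only the source port and the destination address are examined."""
    return pkt.sport == 53 and pkt.dst == OIP


class StatefulFilter:
    """Model of state keeping: an outbound DNS query records a flow, and
    inbound UDP is admitted only when it mirrors a recorded flow."""

    def __init__(self) -> None:
        self.flows = set()

    def outbound(self, pkt: Packet) -> bool:
        if pkt.src == OIP and pkt.dport == 53:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False

    def inbound_allows(self, pkt: Packet) -> bool:
        # A reply has the query's addresses and ports swapped.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


def compare() -> dict:
    """Return (stateless verdict, stateful verdict) for two inbound packets."""
    fw = StatefulFilter()
    fw.outbound(Packet(OIP, 40000, "198.51.100.53", 53))  # local resolver query
    reply = Packet("198.51.100.53", 53, OIP, 40000)       # answer to that query
    unsolicited = Packet("203.0.113.7", 53, OIP, 2049)    # no query ever sent
    return {
        name: (stateless_allows(p), fw.inbound_allows(p))
        for name, p in (("reply", reply), ("unsolicited", unsolicited))
    }


if __name__ == "__main__":
    print(compare())
```

The stateless rule admits both packets because neither check depends on what the host actually asked for; the state-keeping filter admits only the reply.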