Date: Tue, 12 Jan 1999 04:23:58 -0800 From: "Jan B. Koum " <jkb@best.com> To: "Brian W. Buchanan" <brian@CSUA.Berkeley.EDU>, Patrick Barmentlo <pbm@gateway.barmentlo.net> Cc: security@FreeBSD.ORG Subject: Re: examples rules ipfw Message-ID: <19990112042358.C303@best.com> In-Reply-To: <Pine.BSF.4.05.9901111442510.854-100000@smarter.than.nu>; from Brian W. Buchanan on Mon, Jan 11, 1999 at 02:56:44PM -0800 References: <Pine.BSF.4.05.9901112327400.305-100000@gateway.barmentlo.net> <Pine.BSF.4.05.9901111442510.854-100000@smarter.than.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
[redirect from -hackers to -security] On Mon, Jan 11, 1999 at 02:56:44PM -0800, "Brian W. Buchanan" <brian@CSUA.Berkeley.EDU> wrote: > On Mon, 11 Jan 1999, Patrick Barmentlo wrote: > > > Can someone please point me out to some good examples for the rc.firewall > > file (ipfw )?? > > (with most variant of opties/features...) > > > > i have to set up some filtering, but still having some difficulties with > > it after checking freebsd.org.... > > > add 00501 allow tcp from any to smarter 1024-65535 > > This allows all traffic to ports 1024 through 65535 (to let FTP work > correctly) This is not good! There are way MANY evil things running on ports greater then 1024. Take X windows (6000), take nfsd (2049). Most of the insecure solaris rpc crap runs in that range. This list could go on forever. You would be much better off using passive ftp (ftp -p) then opening up all those holes into your network. Just MHO. -- Yan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990112042358.C303>