Date:      Tue, 18 Jan 2000 11:22:31 -0600 (CST)
From:      James Wyatt <jwyatt@rwsystems.net>
To:        Omachonu Ogali <oogali@intranova.net>
Cc:        Brian Gallucci <briang@expnet.net>, isp@freebsd.org, freebsd-ipfw@freebsd.org
Subject:   Re: New Firewall
Message-ID:  <Pine.BSF.4.10.10001181118180.42481-100000@bsdie.rwsystems.net>
In-Reply-To: <Pine.BSF.4.10.10001181116020.131-100000@hydrant.intranova.net>

On Tue, 18 Jan 2000, Omachonu Ogali wrote:
> The following rules can help if you are going to be running SMTP, HTTP,
> POP3, and HTTPS, delete what you don't need.
	[ ... ]
> # -- Deny setup of other incoming connections
> ipfw add deny tcp from any to any setup
> 
> # -- Deny other incoming IP packets.
> ipfw add deny ip from any to any

These rules are duplicate, so you can drop the first one. The last rule is
commonly the default in /etc/rc.firewall as well. That aside, I might keep
the first one and change it to '... deny log ...', thus logging connection
attempts. On the other hand, that's what log_in_vain="YES" in /etc/rc.conf
is all about... - Jy@
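
The redundancy discussed in this reply can be checked mechanically. The following is an added example, not code from the thread or from FreeBSD: it assumes a simplified `add <action> [log] <proto> from <src> to <dst> [options]` rule form, and the helper names and the sample ruleset are constructed for illustration.

```python
import re

# Constructed sample: the tail of a ruleset shaped like the one quoted above.
SAMPLE = """\
ipfw add allow tcp from any to any 25 setup
ipfw add deny tcp from any to any setup
ipfw add deny ip from any to any
"""

# Simplified grammar (assumption): optional "ipfw", optional rule number,
# allow/deny only, optional "log", then proto/src/dst and free-form options.
RULE = re.compile(r"^(?:ipfw\s+)?add\s+(?:\d+\s+)?(allow|deny)\s+(log\s+)?"
                  r"(\S+)\s+from\s+(\S+)\s+to\s+(\S+)\s*(.*)$")

def parse(text):
    """Return a list of rule dicts in evaluation order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        m = RULE.match(line)
        if m:
            action, log, proto, src, dst, opts = m.groups()
            rules.append({"text": line, "action": action, "log": bool(log),
                          "proto": proto, "src": src, "dst": dst,
                          "opts": opts.strip()})
    return rules

def is_catch_all(rule):
    """True for rules that match every IP packet, e.g. 'deny ip from any to any'."""
    return (rule["proto"] in ("ip", "all") and rule["src"] == "any"
            and rule["dst"] == "any" and rule["opts"] == "")

def redundant(rules):
    """Rules whose removal changes neither the verdict nor what gets logged."""
    found = []
    for i, rule in enumerate(rules):
        if rule["log"] or is_catch_all(rule):
            continue                      # a logging rule has a side effect
        for later in rules[i + 1:]:
            if later["action"] != rule["action"] or later["log"]:
                break                     # verdict or logging could differ
            if is_catch_all(later):
                found.append(rule["text"])
                break
    return found

if __name__ == "__main__":
    print(redundant(parse(SAMPLE)))
    print(redundant(parse(SAMPLE.replace("deny tcp", "deny log tcp"))))
```

With the constructed sample, the plain `deny tcp ... setup` rule is reported as redundant, while the `deny log` variant is not, because it records the connection attempt before the final deny.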


