From owner-freebsd-current Mon Jul 1 05:30:46 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id FAA24228 for current-outgoing; Mon, 1 Jul 1996 05:30:46 -0700 (PDT)
Received: from piglet.stins.msk.su (root@piglet.stins.msk.su [194.58.175.1]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id FAA24218 for ; Mon, 1 Jul 1996 05:30:40 -0700 (PDT)
Received: (from akolb@localhost) by piglet.stins.msk.su (8.7.5/8.7.3/akolb/260396) id QAA21491; Mon, 1 Jul 1996 16:30:32 +0400 (MSD)
Date: Mon, 1 Jul 1996 16:30:32 +0400 (MSD)
Message-Id: <199607011230.QAA21491@piglet.stins.msk.su>
From: Alexander Kolbasov
To: current@freefall.FreeBSD.ORG
Subject: Re: IPFW bugs?
In-Reply-To: <199606281933.MAA23688@freefall.freebsd.org>
References: <199606281933.MAA23688@freefall.freebsd.org>
Sender: owner-current@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Nate wrote:
> That's the DNS line:
>
> # Allow NTP stuff through
> ipfw add pass all from any 123 to any via $1
> ipfw add pass all from any to any 123 via $1

This rule actually means that anyone with root privileges on his local host can access any port on your local net. The rule

    ipfw add pass all from any 123 to any via $1

is thus equivalent to

    ipfw add pass all from any to any via $1

and in fact it makes the firewall absolutely open. You should not trust any remote information, including port number!

- Sasha -
__
Alexander Kolbasov.
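As an added illustration (not part of the message above and not ipfw's own code), the following Python simulation of first-match rule evaluation shows why a pass rule keyed only on remote source port 123 accepts unrelated traffic, and how a rule pinned to UDP and to one known NTP peer does not. The addresses and packets are constructed placeholders, and the "via $1" interface clause is not modelled.

```python
# Added simulation of ipfw-style first-match evaluation; not real ipfw code.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "deny"
    proto: str             # "all", "udp" or "tcp"
    src: str               # "any" or one address
    sport: Optional[int]   # None matches any source port
    dst: str
    dport: Optional[int]   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("all", p.proto)
                and self.src in ("any", p.src)
                and self.sport in (None, p.sport)
                and self.dst in ("any", p.dst)
                and self.dport in (None, p.dport))


def verdict(rules: List[Rule], p: Packet, default: str = "deny") -> str:
    """First matching rule wins, as in ipfw; otherwise the default applies."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


# The two rules quoted in the thread: any protocol, any host, keyed on port 123 only.
PERMISSIVE = [Rule("pass", "all", "any", 123, "any", None),
              Rule("pass", "all", "any", None, "any", 123)]

# Tightened variant: UDP only, between one known NTP peer and the local host.
# Both addresses are constructed placeholders from the documentation range.
NTP_PEER, LOCAL = "192.0.2.10", "192.0.2.1"
TIGHT = [Rule("pass", "udp", NTP_PEER, 123, LOCAL, 123),
         Rule("pass", "udp", LOCAL, 123, NTP_PEER, 123)]

# Constructed packets: a genuine NTP reply, and a TCP connection to port 23
# on the local host whose sender merely chose source port 123.
REAL_NTP = Packet("udp", NTP_PEER, 123, LOCAL, 123)
SPOOFED_PORT = Packet("tcp", "203.0.113.5", 123, LOCAL, 23)
```

The permissive set passes both packets, so it behaves like "pass all from any to any"; the tightened set still passes the real NTP exchange but rejects the port-23 connection.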