Date: Mon, 29 Nov 2004 17:13:44 +0200 From: Giorgos Keramidas <keramida@ceid.upatras.gr> To: Jonathon McKitrick <jcm@FreeBSD-uk.eu.org> Cc: freebsd-questions@freebsd.org Subject: Re: Is this a hole in my firewall? Message-ID: <20041129151344.GA5368@orion.daedalusnetworks.priv> In-Reply-To: <20041129144458.GA69798@dogma.freebsd-uk.eu.org> References: <20041127215612.GA86416@dogma.freebsd-uk.eu.org> <20041128013135.GD662@gothmog.gr> <20041128044847.GA1435@dogma.freebsd-uk.eu.org> <20041128122741.GB43088@gothmog.gr> <20041129113020.GA72673@ei.bzerk.org> <20041129132114.GA66047@dogma.freebsd-uk.eu.org> <20041129140930.GA73929@ei.bzerk.org> <20041129144458.GA69798@dogma.freebsd-uk.eu.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2004-11-29 14:44, Jonathon McKitrick <jcm@FreeBSD-uk.eu.org> wrote:
> On Mon, Nov 29, 2004 at 03:09:30PM +0100, Ruben de Groot wrote:
> : Your laptop won't be "exposed" by this. You could however finetune your
> : ruleset a little bit by modifying rule 300 to something like:
> :
> : allow ip from ${INTERNAL_NET} to any keep-state out xmit tun0
> :
> : where INTERNAL_NET would be e.g. 192.168.0.0/24
>
> Should I also run a firewall on the laptop then, since all traffic to the
> laptop is allowed to pass?
Probably, irrelevant to the original question, but...
In general, it's not a bad idea. You won't have to "remember" to turn
on firewalling when the laptop is connected to a different network; one
that shouldn't really be trusted so much.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041129151344.GA5368>