Date: Mon, 31 Oct 2005 17:43:55 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: Eric F Crist <ecrist@secure-computing.net>
Cc: andy@neu.net, freebsd-questions@freebsd.org, freebsd-mobile@freebsd.org
Subject: Re: laptop firewall rules
Message-ID: <20051031154355.GA10357@flame.pc>
In-Reply-To: <20051031144541.GB2122@flame.pc>
References: <Pine.LNX.4.56.0510301731420.20733@Mira.dandy.net> <F4A7C5AB-A8D1-4E46-A7E0-F1FD95E64ABC@secure-computing.net> <20051031144541.GB2122@flame.pc>

On 2005-10-31 16:45, Giorgos Keramidas <keramida@ceid.upatras.gr> wrote:
>On 2005-10-30 18:23, Eric F Crist <ecrist@secure-computing.net> wrote:
>>On Oct 30, 2005, at 4:41 PM, andy@neu.net wrote:
>>> Does anyone have a good example of a firewall ruleset for a
>>> wireless interface in a laptop, or a pointer to documentation?
>>> I want to use IPFilter on 6.0 rc1. I want to let all
>>> connections out and keep state, but block all incoming from
>>> the outside.
>>
>> That ruleset is easy:
>>
>> ipfw add check-state
>> ipfw add allow tcp from me to any setup keep-state
>> ipfw add allow tcp from any to any established
>> ipfw add deny from any to me in
>
> No, please!
>
> If you are using "keep-state", when "allow all established" is
> hardly ever a good idea.

"when" = "then", of course.
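
An added illustration, not part of the original message and not ipfw's own code: a simplified Python model of first-match evaluation for the four quoted rules, showing what the "established" rule admits that the keep-state rules alone would not. The addresses, ports and the `evaluate` helper are constructed for illustration, and `setup` and `established` are modelled by TCP flags only.

```python
# Simplified model of ipfw first-match evaluation for the quoted ruleset.
# This is an illustrative sketch, not ipfw's implementation.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags direction")
ME = "192.0.2.10"  # constructed laptop address (documentation range)

def flow_key(p):
    # A dynamic rule matches both directions of the same flow.
    return frozenset([(p.src, p.sport), (p.dst, p.dport)])

def is_setup(p):
    # ipfw "setup": SYN set, ACK clear.
    return "S" in p.flags and "A" not in p.flags

def is_established(p):
    # ipfw "established": ACK or RST set. Flags only, no connection lookup.
    return "A" in p.flags or "R" in p.flags

def evaluate(packets, allow_established):
    """Return one verdict per packet under the quoted ruleset.
    allow_established toggles 'allow tcp from any to any established'."""
    states, verdicts = set(), []
    for p in packets:
        if flow_key(p) in states:                      # check-state
            verdicts.append("allow (state)")
        elif p.src == ME and is_setup(p):              # ... setup keep-state
            states.add(flow_key(p))
            verdicts.append("allow (setup)")
        elif allow_established and is_established(p):  # ... established
            verdicts.append("allow (established)")
        elif p.dst == ME and p.direction == "in":      # deny from any to me in
            verdicts.append("deny")
        else:
            verdicts.append("default")
    return verdicts

# Constructed traffic: an outbound connection, its reply, and an inbound
# segment with only ACK set that belongs to no tracked flow.
TRAFFIC = [
    Packet(ME, 40000, "198.51.100.5", 443, "S", "out"),
    Packet("198.51.100.5", 443, ME, 40000, "SA", "in"),
    Packet("203.0.113.9", 5555, ME, 22, "A", "in"),
]

if __name__ == "__main__":
    for label, flag in (("with established rule", True), ("without it", False)):
        print(label, evaluate(TRAFFIC, flag))
```

With the "established" rule present, the third packet is accepted on its flags alone even though no dynamic state exists for it; without that rule it reaches the deny rule, while the reply to the laptop's own connection is still admitted by check-state.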