Date: Sun, 26 Nov 2000 20:30:17 -0500 (EST) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Doug Barton <DougB@FreeBSD.ORG> Cc: freebsd-security@FreeBSD.ORG Subject: Re: NATD: failed to write packet back (Permission denied) Message-ID: <200011270130.UAA88239@khavrinen.lcs.mit.edu> In-Reply-To: <3A218C5B.9F677E51@FreeBSD.org> References: <001701c057c4$1e1ac010$0200a8c0@n2> <20001126110756.C34151@149.211.6.64.reflexcom.com> <000b01c057dd$f9423ab0$0200a8c0@n2> <20001126113720.A70192@149.211.6.64.reflexcom.com> <3A2183E7.6039C582@FreeBSD.org> <20001126140033.E70192@149.211.6.64.reflexcom.com> <3A218C5B.9F677E51@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Sun, 26 Nov 2000 14:19:07 -0800, Doug Barton <DougB@FreeBSD.ORG> said: > allow udp from any to any out > But that's for my private home network. I trust myself to only send out > useful, productive packets. :) I must admit to being puzzled by home firewalls, at least among this group of people. If you've got some promiscuous operating system from Washington State running, I can somewhat understand doing that. If you just have a single machine, which is under your direct control, then doing packet filtering is just silly. If your machine is properly configured and secured, filtering out packets which would otherwise be thrown away anyway serves no useful purpose. (If the bandwidth potentially wasted matters to you, that's a problem you have to deal with at the upstream side anyway.) -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011270130.UAA88239>