Date: Sun, 26 Nov 2000 20:30:17 -0500 (EST)
From: Garrett Wollman
To: Doug Barton
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: NATD: failed to write packet back (Permission denied)

< said:

> allow udp from any to any out

> But that's for my private home network. I trust myself to only send out
> useful, productive packets. :)

I must admit to being puzzled by home firewalls, at least among this group of people. If you've got some promiscuous operating system from Washington State running, I can somewhat understand doing that. If you just have a single machine, which is under your direct control, then doing packet filtering is just silly. If your machine is properly configured and secured, filtering out packets which would otherwise be thrown away anyway serves no useful purpose. (If the bandwidth potentially wasted matters to you, that's a problem you have to deal with at the upstream side anyway.)

-GAWollman