Date: Sat, 11 Nov 2006 11:33:56 -0800 (PST) From: "R. B. Riddick" <arne_woerner@yahoo.com> To: Dan Lukes <dan@obluda.cz>, freebsd-security@freebsd.org Subject: Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established Message-ID: <159176.35953.qm@web30310.mail.mud.yahoo.com> In-Reply-To: <45562245.8070804@obluda.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
--- Dan Lukes <dan@obluda.cz> wrote: > Statefull rules can stop the sophisticated intruder, but are often more > vulnerable to DoS attacks. > > Every method has pros and cons ... > Hmm... U mean, when someone creates a lot of states? At least pf can limit that... But here it looks like just the good guys can create a state (from the good-network via the public network to the trusted web sites), so that states can't hurt, I think... -Arne ____________________________________________________________________________________ Cheap talk? Check out Yahoo! Messenger's low PC-to-Phone call rates. http://voice.yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?159176.35953.qm>