From owner-freebsd-security Sun Nov 26 20:28: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 797D837B479; Sun, 26 Nov 2000 20:28:04 -0800 (PST) Received: from bsdie.rwsystems.net([209.197.223.2]) (1683 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Sun, 26 Nov 2000 22:27:14 -0600 (CST) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25) Date: Sun, 26 Nov 2000 22:27:12 -0600 (CST) From: James Wyatt To: Garrett Wollman Cc: Doug Barton , freebsd-security@FreeBSD.ORG Subject: Re: NATD: failed to write packet back (Permission denied) In-Reply-To: <200011270130.UAA88239@khavrinen.lcs.mit.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 26 Nov 2000, Garrett Wollman wrote: > < said: > > But that's for my private home network. I trust myself to only send out > > useful, productive packets. :) > > I must admit to being puzzled by home firewalls, at least among this > group of people. If you've got some promiscuous operating system from > Washington State running, I can somewhat understand doing that. If > you just have a single machine, which is under your direct control, > then doing packet filtering is just silly. If your machine is > properly configured and secured, filtering out packets which would > otherwise be thrown away anyway serves no useful purpose. (If the [ ... ] Some of us set our home networks (really small office) to use this stuff so that when we build a "real" (for money and protecting another company) we know how everything operates and have something to compare to should something not work the way we expect. - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message