Date:      Thu, 14 Jan 1999 20:12:40 +0100
From:      Eivind Eklund <eivind@FreeBSD.ORG>
To:        Martin Machacek <mm@i.cz>
Cc:        security@FreeBSD.ORG
Subject:   Re: examples rules ipfw
Message-ID:  <19990114201240.B88792@bitbox.follo.net>
In-Reply-To: <XFMail.990114175401.mm@i.cz>; from Martin Machacek on Thu, Jan 14, 1999 at 05:54:01PM +0100
References:  <19990114153709.A88792@bitbox.follo.net> <XFMail.990114175401.mm@i.cz>

On Thu, Jan 14, 1999 at 05:54:01PM +0100, Martin Machacek wrote:
> 
> On 14-Jan-99 Eivind Eklund wrote:
> > On Thu, Jan 14, 1999 at 11:00:41PM +1300, Andrew McNaughton wrote:
> > If you need another secure approach, look at libalias.
> > 
> > It contains my code for automatically creating tiny 'holes' in the
> > firewall just allowing one specific connection through.
> > 
> > Unfortunately, there are not any clients in FreeBSD that use that as
> > of today, but you should be able to build it into natd and ppp fairly
> > easily (it is only two function calls to enable it; one to set the
> > rule number range in the firewall rules to use for creating 'holes',
> > and one to enable the flag).
> > 
> > I guess the code could be adapted to be usable in environments without
> > NAT, but I haven't really looked into it.  I don't really approve of
> > using pure packet filters for a firewall.
> 
> Do you think that this feature could be used to run rsh from net with
> private IP addresses (RFC 1918) over NAT "firewall" (using natd) to machine
> in front of the firewall with public IP address?

I don't know - I've not looked at the rsh protocol at all.  I didn't
even know it was an active protocol (i.e., used backward connections).

Any reason you can't use ssh?

Eivind.
