Date: Mon, 11 Oct 2004 00:53:35 -0400
From: Joe Marcus Clarke <marcus@marcuscom.com>
To: Randy Bush <randy@psg.com>
Cc: freebsd-gnome@freebsd.org
Subject: Re: Gnome2 hangs on startup
Message-ID: <1097470415.22522.14.camel@shumai.marcuscom.com>
In-Reply-To: <16744.49671.348105.73667@ran.psg.com>
References: <4166D58D.6020305@ev.net> <200410091555.07963.josemi@freebsd.jazztel.es> <16743.61876.660465.143923@ran.psg.com> <200410091630.03594.josemi@freebsd.jazztel.es> <4168269A.2070900@marcuscom.com> <16744.49671.348105.73667@ran.psg.com>

On Sun, 2004-10-10 at 01:00, Randy Bush wrote:
> > If you firewall off TCP and UDP 111, and only allow local hosts to
> > connect (maybe _just_ localhost) you should never have a problem with
> > it.
>
> well, as a security friend sez
>
>     One more thing: if you're running rpcbind, you're presumably
>     running some other service that talks to it.  You need to block
>     its port(s), too.
>
> so, what else needs blocking?

I was assuming you would otherwise be properly firewalled, and only
allowing in connections to a small set of known ports.  However, I
believe FAM listens on random high TCP ports.

>
> and, btw, you can't just block 111 from non-127/8.  you could get
> an attack toward your 127/8.  you need to block 127/8 after
> allowing lo0.

Of course.  The standard client ipfw profile should provide you with
enough protection.

Joe

>
> and that's why i hate this stuff.
>
> randy
--
PGP Key : http://www.marcuscom.com/pgp.asc
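
The rule ordering discussed in this message, as an added example that is not part of the original e-mail: a small first-match evaluator in the style of ipfw, comparing a ruleset that only blocks port 111 from non-127/8 sources with one that allows lo0 first and then drops 127/8 everywhere else. The interface name `em0`, the addresses, the rule dictionaries and the trailing allow rule are constructed assumptions, not taken from any real ipfw profile.

```python
import ipaddress

def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def matches(rule, pkt):
    """True when every condition present on the rule holds for the packet."""
    if "via" in rule and rule["via"] != pkt["iface"]:
        return False
    if "src" in rule and not _in(pkt["src"], rule["src"]):
        return False
    if "not_src" in rule and _in(pkt["src"], rule["not_src"]):
        return False
    if "dst" in rule and not _in(pkt["dst"], rule["dst"]):
        return False
    if "dport" in rule and rule["dport"] != pkt["dport"]:
        return False
    return True

def verdict(rules, pkt):
    """First matching rule decides, modelling first-match evaluation."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "deny"  # assumption: default-deny when nothing matches

LO = "127.0.0.0/8"
# Only blocks rpcbind (port 111) when the source is not in 127/8.
NAIVE = [
    {"action": "deny", "not_src": LO, "dport": 111},
    {"action": "allow"},
]
# Allow lo0 first, then drop anything else that claims a 127/8 address.
HARDENED = [
    {"action": "allow", "via": "lo0"},
    {"action": "deny", "dst": LO},
    {"action": "deny", "src": LO},
    {"action": "deny", "dport": 111},
    {"action": "allow"},  # assumption: stands in for the rest of the policy
]

# Constructed packets; em0 and the 192.0.2.x / 198.51.100.x addresses are placeholders.
LOCAL = {"iface": "lo0", "src": "127.0.0.1", "dst": "127.0.0.1", "dport": 111}
REMOTE = {"iface": "em0", "src": "192.0.2.10", "dst": "198.51.100.5", "dport": 111}
SPOOFED = {"iface": "em0", "src": "127.0.0.1", "dst": "127.0.0.1", "dport": 111}

if __name__ == "__main__":
    for name, pkt in (("local", LOCAL), ("remote", REMOTE), ("spoofed", SPOOFED)):
        print(name, verdict(NAIVE, pkt), verdict(HARDENED, pkt))
```

Both rulesets allow the genuine loopback client and deny the ordinary remote host; only the second denies the packet that arrives on the external interface carrying 127/8 addresses.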