Date: Fri, 25 Oct 2002 16:24:40 +0930
From: David Lloyd <lloy0076@adam.com.au>
To: Bryan Cassidy <bryanc2000@insightbb.com>
Cc: adamw@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Re: Whats the deal?
Message-ID: <20021025162440.796a9f18.lloy0076@adam.com.au>
In-Reply-To: <20021025013131.13ddf403.bryanc2000@insightbb.com>
References: <20021025005639.507fd4a1.bryanc2000@insightbb.com> <20021025062905.GC70503@vectors.cx> <20021025013131.13ddf403.bryanc2000@insightbb.com>

Bryan,

> option IPFIREWALL_DEFAULT_TO_ACCEPT
>
> or
> option IPFIREWALL_DEFAULT_TO_ACCEPT=??
>
> to the kernel?

I tend to add a rule that is the equivalent of "accept everything" at 65534 or thereabouts _if_ and _only if_ I really want a firewall of this type.

The reason why firewalls tend to default to DENY is that it's easier to ALLOW stuff you want rather than remember what STUFF you don't want.

Whilst your users might scream if you accidentally deny ICQ/IRC/something else you shouldn't have denied, they'll be more upset if the system goes down because you forgot to close some insecure port and then lost the system so badly you needed to do a full rebuild...

DSL

-- 
The Linux C Programming Lists:
* http://lists.linux.org.au/listinfo/linuxcprogramming/
The Linux C++ Programming Lists:
* http://lists.linux.org.au/listinfo/tuxcpprogramming/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
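
The two policies discussed in this message, side by side as ipfw rules. This is an added example, not part of the original e-mail: apart from rule 65534, the rule numbers, the SSH and DNS allowances and the `FW` dry-run variable are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed example. FW defaults to "echo ipfw", so the script only prints
# the rules for review; set FW="/sbin/ipfw -q" on a FreeBSD host to load them.
FW="${FW:-echo ipfw}"

# Variant A: the "accept everything" rule at 65534 described in the message.
# It matches just before the kernel's built-in default rule 65535, so the
# ruleset is open without building the kernel with
# "option IPFIREWALL_DEFAULT_TO_ACCEPT". Deleting this one rule closes it again.
ruleset_accept_all() {
    $FW add 65534 allow ip from any to any
}

# Variant B: default deny. Only the traffic listed here passes.
ruleset_default_deny() {
    $FW add 100 allow ip from any to any via lo0              # loopback
    $FW add 200 check-state                                   # replies to tracked flows
    $FW add 300 allow tcp from any to me 22 setup keep-state  # assumed: inbound SSH
    $FW add 400 allow tcp from me to any setup keep-state     # outbound TCP
    $FW add 500 allow udp from me to any 53 keep-state        # outbound DNS
    # Explicit final deny: the policy stays closed even on a kernel that was
    # built with IPFIREWALL_DEFAULT_TO_ACCEPT, and "log" records what was
    # dropped (requires ipfw logging to be enabled).
    $FW add 65534 deny log ip from any to any
}

# Usage: sh rules.sh open | sh rules.sh deny
case "${1:-}" in
    open) ruleset_accept_all ;;
    deny) ruleset_default_deny ;;
esac
```

Because ipfw stops at the first matching rule, anything placed before 65534 in Variant A still applies, which is why the message treats the accept-all rule as a last-resort line rather than a kernel-level default.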