Date: Fri, 26 Sep 1997 16:03:33 +1000 (EST) From: "Daniel O'Callaghan" <danny@panda.hilink.com.au> To: Nate Williams <nate@mt.sri.com> Cc: security@freebsd.org Subject: Re: rc.firewall weakness? Message-ID: <Pine.BSF.3.91.970926155959.262T-100000@panda.hilink.com.au> In-Reply-To: <199709260537.XAA21334@rocky.mt.sri.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 25 Sep 1997, Nate Williams wrote: > > > > You've got it, which is why I only permit UDP 53<->53 and 123<->123. > > > > > > How do you do that? You must not be using IPFW, since it really doesn't > > > allow the ability to permit <port>-<port>. > > > > What about: > > > > ipfw add 1000 allow udp from any 53 to 1.2.3.4 53 in > > It doesn't work that way. ;( No? My cursory reading of ip_fw.c indicates that it does, but I'm happy to be shown otherwise, as I don't consider myself to be a C expert. Or are you referring to the fact that you need a more comprehensive ruleset to be effective? Danny
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.970926155959.262T-100000>