Date:      Wed, 25 Oct 2000 01:38:19 -0700 (PDT)
From:      Mike Hoskins <mike@adept.org>
To:        cjclark@alum.mit.edu
Cc:        Andrew Johns <johnsa@kpi.com.au>, peter@sysadmin-inc.com, freebsd-security@FreeBSD.ORG
Subject:   Re: request for example rc.firewall script
Message-ID:  <Pine.BSF.4.21.0010250134510.47737-100000@snafu.adept.org>
In-Reply-To: <20001024224313.X75251@149.211.6.64.reflexcom.com>

On Tue, 24 Oct 2000, Crist J . Clark wrote:

> > check-state
> > allow ip from a.b.c.d to any keep-state
> > allow ip from x.y.z.z/24 to any keep-state
> Eep! You've left yourself _very_ vulnerable to spoofing.

From the internal net you mean?  If so, I agree.  Given I'm the only 
person using my 'LAN', I've accepted that as a liveable risk.  ;)

Also, outbound ACLs on my router prevent spoofing without ipfw's
intervention in my case...  I do, however, agree that an additional
'layer' of security could and should be bought if this were a production
firewall/router.

-mrh
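
An added example, not part of the original message or of FreeBSD's rc.firewall: one way to put the extra anti-spoofing layer discussed above into ipfw itself, by denying the protected source addresses on the outside interface before `check-state` is reached. The interface name `fxp0`, the rule numbers, and the documentation addresses standing in for the `a.b.c.d` and `x.y.z.z/24` placeholders are assumptions, as is the premise that both sources are only legitimate behind the firewall.

```shell
#!/bin/sh
# Added example: anti-spoofing rules placed ahead of the quoted stateful rules.
# All concrete values below are assumptions, not taken from the thread.

fwcmd="echo ipfw"        # dry run: prints the rules; use /sbin/ipfw to load them
oif="fxp0"               # assumed outside interface
host="198.51.100.10"     # constructed stand-in for a.b.c.d
net="192.0.2.0/24"       # constructed stand-in for x.y.z.z/24

# antispoof_rules OIF SRC...
# Deny packets that arrive on the outside interface while claiming a source
# address that should only ever be seen on the inside.
antispoof_rules() {
    [ -n "$1" ] || { echo "antispoof_rules: outside interface required" >&2; return 1; }
    _oif="$1"; shift
    _n=100
    for _src in "$@"; do
        ${fwcmd} add ${_n} deny ip from "${_src}" to any in recv "${_oif}"
        _n=$((_n + 10))
    done
}

# stateful_rules HOST NET
# The three rules quoted in the message, unchanged apart from rule numbers.
stateful_rules() {
    ${fwcmd} add 1000 check-state
    ${fwcmd} add 1100 allow ip from "$1" to any keep-state
    ${fwcmd} add 1200 allow ip from "$2" to any keep-state
}

# build_ruleset OIF HOST NET
# Order matters: the deny rules carry lower numbers than check-state, so a
# spoofed packet is dropped before it can match or create dynamic state.
build_ruleset() {
    antispoof_rules "$1" "$2" "$3" || return 1
    stateful_rules "$2" "$3"
}

build_ruleset "${oif}" "${host}" "${net}"
```

Run as is, the script only prints the five `ipfw add` commands so the ordering can be reviewed before anything is loaded.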