Re: laptop firewall rules
From: Giorgos Keramidas (keramida_at_ceid.upatras.gr)
Date: 10/31/05
- Previous message: Andrew P.: "Re: portupgrade stale dependencies"
- In reply to: Giorgos Keramidas: "Re: laptop firewall rules"
- Next in thread: Vitaly Cherny: "Re: laptop firewall rules"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 31 Oct 2005 17:43:55 +0200 To: Eric F Crist <ecrist@secure-computing.net>
On 2005-10-31 16:45, Giorgos Keramidas <keramida@ceid.upatras.gr> wrote:
>On 2005-10-30 18:23, Eric F Crist <ecrist@secure-computing.net> wrote:
>>On Oct 30, 2005, at 4:41 PM, andy@neu.net wrote:
>>> Does anyone have a good example of a firewall ruleset for a
>>> wireless interface in a laptop, or a pointer to documentation?
>>> I want to use IPFilter on 6.0 rc1. I want to let all
>>> connections out and keep state, but block all incoming from
>>> the outside.
>>
>> That ruleset is easy:
>>
>> ipfw add check-state
>> ipfw add allow tcp from me to any setup keep-state
>> ipfw add allow tcp from any to any established
>> ipfw add deny from any to me in
>
> No, please!
>
> If you are using "keep-state", when "allow all established" is
> hardly ever a good idea.
"when" = "then", of course.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
- Previous message: Andrew P.: "Re: portupgrade stale dependencies"
- In reply to: Giorgos Keramidas: "Re: laptop firewall rules"
- Next in thread: Vitaly Cherny: "Re: laptop firewall rules"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
