Re: pf and broadcasts
From: Peter N. M. Hansteen (peter_at_bgnett.no)
Date: 02 Feb 2005 21:50:05 +0100
"PP" <firstname.lastname@example.org> writes:
> The $priv_nets macro in the PF example ruleset however does not so I assume
> _that_ ruleset _would_ be leaking netbios, wouldn't it?
That rule set lets machines on the inside start any connection they
desire to the outside world and receive return traffic (the main use of
Hosts on the outside would as far as I can see not be able to contact
hosts on the inside on any ports other than $tcp_services.
It looks like the PFUG authors had mainly OpenBSD machines in mind ;)
With Microsoft machines on the inside, I would tend to allow outgoing
connections on only a short list of ports.
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
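
Added example, not part of the original message or of the PF User's Guide ruleset: a pf.conf filter fragment showing the approach suggested above, default deny with inside hosts limited to a short list of outbound ports and NetBIOS/SMB dropped on the outside interface. The interface names, the `out_tcp`, `out_udp`, `netbios_tcp` and `netbios_udp` macros, and all port lists are assumptions; only `$tcp_services` is a name taken from the thread, and its value here is constructed. NAT and other translation rules are left out.

```pf
# Constructed fragment: interface names and port lists are assumptions.
ext_if = "em0"                      # outside interface (assumed)
int_if = "em1"                      # inside interface (assumed)

tcp_services = "{ 22, 25 }"         # services offered to the outside (assumed)
out_tcp = "{ 22, 25, 53, 80, 110, 443 }"   # short list of outbound TCP ports (assumed)
out_udp = "{ 53, 123 }"             # outbound UDP: DNS and NTP (assumed)
netbios_tcp = "{ 135, 139, 445 }"   # RPC endpoint mapper, NetBIOS session, SMB
netbios_udp = "{ 137, 138 }"        # NetBIOS name and datagram services

# Default deny in both directions on every interface.
block all

# NetBIOS/SMB never crosses the outside interface, whatever later rules say.
block quick on $ext_if proto tcp from any to any port $netbios_tcp
block quick on $ext_if proto udp from any to any port $netbios_udp

# Outside hosts reach only the listed services.
pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state

# Inside hosts may start connections only to the listed ports.
pass in on $int_if proto tcp from $int_if:network to any port $out_tcp flags S/SA keep state
pass in on $int_if proto udp from $int_if:network to any port $out_udp keep state
pass out on $ext_if proto tcp from any to any port $out_tcp flags S/SA keep state
pass out on $ext_if proto udp from any to any port $out_udp keep state
```

`pfctl -nf /etc/pf.conf` parses the file and reports syntax errors without loading the rules.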