Re: pf and broadcasts

From: Peter N. M. Hansteen (
Date: 02/02/05

  • Next message: PP: "Re: pf and broadcasts"
    Date: 02 Feb 2005 21:50:05 +0100

    "PP" <> writes:

    > The $priv_nets macro in the PF example ruleset however does not so I assume
    > _that_ ruleset _would_ be leaking netbios, wouldn't it?

    That rule set lets machines on the inside start any connection they
    desire to the outside world and receive return traffic (the main use of
    'keep state').

    Hosts on the outside would as far as I can see not be able to contact
    hosts on the inside on any ports other than $tcp_services.

    It looks like the PFUG authors had mainly OpenBSD machines in mind ;)

    With Microsoft machines on the inside, I would tend to allow outgoing
    connections on only a short list of ports.

    Peter N. M. Hansteen, member of the first RFC 1149 implementation team
    "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"

  • Next message: PP: "Re: pf and broadcasts"