|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Peter C. Lai (sirmoo
cowbert.2y.net)Date: Sun Feb 24 2002 - 20:37:32 CST
As another note, rc.firewall presents several preset options for
your firewall, that of OPEN, CLIENT, or SIMPLE.
I use a version of simple that allows more stuff through.
I forgot about icmp until i realized i couldn't ping my box
and some script which depended on the response time broke.
I think allowing ICMP ought to be in either CLIENT or SIMPLE.
On Sun, Feb 24, 2002 at 09:00:22PM -0500, Ralph Huntington wrote:
> > I think the question is did the FreeBSD team intentionally (for the
> > reasons of security) make the default install non-compliant with some
> > RFCs (read: broken), or was it just not thought of? And second,
> > should this be changed? I don't think the original poster was
> > suggesting that deny ip from any to any shouldn't block anything, just
> > asking should there be a rule in rc.firewall in the default install to
> > allow ICMP so the machine is well behaved.
>
> Thank you.
>
>
> To Unsubscribe: send mail to majordomoFreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
-- Peter C. Lai University of Connecticut Dept. of Residential Life | Programmer Dept. of Molecular and Cell Biology | Undergraduate Research Assistant http://cowbert.2y.net/ 860.427.4542 (Room) 860.486.1899 (Lab) 203.206.3784 (Cellphone)To Unsubscribe: send mail to majordomo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]