|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: TeXitoi (texitoi+news
texitoi.eu)
Date: Sun Aug 29 2010 - 13:59:11 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ropers <ropersgmail.com> writes:
> I don't understand. Why are you not running a default deny setup?
Maybe because this pf.conf is the default one.
> On 29 August 2010 14:45, Jean-Francois <jfsimon1981gmail.com> wrote:
> > Hi,
> >
> > One question, I run gnome on openbsd 4.7 and apparently there is
> > no reason to keep the following rule since nothing listens to
> > those ports on my machine.
> >
> > block in on ! lo0 proto tcp to port 6000:6010
> >
> > I verified with netstat that there is nothing listening to any of
> > tcp ports in the range 6000-6010.
> >
> > May you please confirm that there is no security issue with
> > removing this rule ?
Why do you want to remove it? If you don't need, don't remove it. If
You want to modify pf.conf, better to use a default block and allow
only the necessary.
--
Guillaume Pinot http://www.irccyn.ec-nantes.fr/~pinot/
+ Les grandes personnes ne comprennent jamais rien toutes seules, et
c'est fatigant, pour les enfants, de toujours leur donner des
explications... ; -- Antoine de Saint-Exupiry, Le Petit Prince
() ASCII ribbon campaign -- Against HTML e-mail
/\ http://www.asciiribbon.org -- Against proprietary attachments
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]