[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established

To: Dan Lukes <dan_(_at_)_obluda_(_dot_)_cz>, freebsd-security_(_at_)_freebsd_(_dot_)_org
Subject: Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
From: "R. B. Riddick" <arne_woerner_(_at_)_yahoo_(_dot_)_com>
Date: Sat, 11 Nov 2006 11:33:56 -0800 (PST)
Cc:

--- Dan Lukes <dan_(_at_)_obluda_(_dot_)_cz> wrote:
> 	Statefull rules can stop the sophisticated intruder, but are often more 
> vulnerable to DoS attacks.
> 
> 	Every method has pros and cons ...
> 
Hmm... U mean, when someone creates a lot of states? At least pf can limit
that... But here it looks like just the good guys can create a state (from the
good-network via the public network to the trusted web sites), so that states
can't hurt, I think...

-Arne

____________________________________________________________________________________
Cheap talk?
Check out Yahoo! Messenger's low PC-to-Phone call rates.
http://voice.yahoo.com
_______________________________________________
freebsd-security_(_at_)_freebsd_(_dot_)_org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe_(_at_)_freebsd_(_dot_)_org"

Follow-Ups:
- Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
  - From: Dan Lukes

References:
- Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
  - From: Dan Lukes

Prev by Date: Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
Next by Date: Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
Previous by thread: Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
Next by thread: Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
Index(es):
- Date
- Thread

Visit your host, monkey.org