Re: Configuring JAIL to bind on lo0 interface

bonifaktuura_at_inbox.lv
Date: 12/20/03

  • Next message: Richard Bejtlich: "Re: interface bonding"
    Date: Sat, 20 Dec 2003 23:34:31 +0200
    To: freebsd-security@FreeBSD.ORG
    
    

    > so allow rules will look something along the lines of:
    >
    > pass in quick on fxp0 proto tcp from any to 127.0.0.53 port = 1053 flags S
    > keep state
    > pass in quick on fxp0 proto udp from any to 127.0.0.53 port = 1053 keep
    > state

    well, in case if he has block by default policy he will need smth like
    this, too:

    pass out quick on fxp0 proto tcp from 127.0.0.53 to any port = 53 flags S keep state
    pass out quick on fxp0 proto udp from 127.0.0.53 to any port = 53 keep state

    and changing 'any' to dns servers he's using as masters is good idea.

    p.
    This message contains no viruses.
    Guaranteed by Kaspersky Anti-Virus.
    http://www.antivirus.lv

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Richard Bejtlich: "Re: interface bonding"

    Relevant Pages

    • Re: The price of SELinux (CPU)
      ... > I've heard that SELinux has produced benchmarks such ... > To unsubscribe from this list: ... More majordomo info at http://vger.kernel.org/majordomo-info.html ...
      (Linux-Kernel)
    • Re: SMTP activity
      ... All corporate anti-virus software has the ability to remove attachments ... attachments which are known to carry viruses. ... There are little protection against day-zero viruses. ... by applying proper policy, which with AD is a fairly uncomplicated task. ...
      (comp.security.firewalls)
    • Re: Anti-Spam ideas for usenet/list harvested email addresses
      ... > business we don't get to enable that feature on our email server. ... I am OK with that policy. ... If more ISP's did this and blocked outgoing smtp that didn't relay through ... their servers that happened to scan inbound and outbound mail for viruses, ...
      (Debian-User)
    • Re: The price of SELinux (CPU)
      ... > typical policy lookup. ... > selinux with no policy it's rather 0ish; ... >> More majordomo info at ... > To unsubscribe from this list: ...
      (Linux-Kernel)
    • Re: The price of SELinux (CPU)
      ... the benchmark "results" _look_ like being authored by ... > typical policy lookup. ... >> More majordomo info at ... > To unsubscribe from this list: ...
      (Linux-Kernel)