Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established

---

• From: "R. B. Rid***" <arne_woerner@xxxxxxxxx>
• Date: Sat, 11 Nov 2006 11:33:56 -0800 (PST)

---

--- Dan Lukes <dan@xxxxxxxxx> wrote:

Statefull rules can stop the sophisticated intruder, but are often more
vulnerable to DoS attacks.

Every method has pros and cons ...

Hmm... U mean, when someone creates a lot of states? At least pf can limit
that... But here it looks like just the good guys can create a state (from the
good-network via the public network to the trusted web sites), so that states
can't hurt, I think...

-Arne



____________________________________________________________________________________
Cheap talk?
Check out Yahoo! Messenger's low PC-to-Phone call rates.
http://voice.yahoo.com
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

---

• Follow-Ups:
  • Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
    • From: Dan Lukes

• References:
  • Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
    • From: Dan Lukes

• Prev by Date: Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
• Next by Date: Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
• Previous by thread: Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
• Next by thread: Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2006-11