On 17-Aug-99 Rodney W. Grimes wrote:
> I kinda like the idea of this, but can't that really just
> be done easily with a few ipfw rules, the last two being
> the important ones:
>
> for port in "22 53" ; do
> ipfw add allow udp from any to ${myip} ${port}
> ipfw add allow udp from ${myip} ${port} to any
> ipfw add allow tcp from any to ${myip} ${port}
> ipfw add allow tcp from ${myip} ${port} to any
> done
> ipfw add deny udp from any to ${myip}
> ipfw add deny tcp from any to ${myip}
>
> Why should we special case this?
Because this doesn't work for non-passive FTP for starters..
---
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum
PGP signature- Dropping connections without RST Geoff Rehmet
- Re: Dropping connections without RST Archie Cobbs
- Re: Dropping connections without RST Brian W. Buchanan
- Re: Dropping connections without RST Archie Cobbs
- Re: Dropping connections without RST Rodney W. Grimes
- Re: Dropping connections without RST Warner Losh
- Re: Dropping connections without R... Daniel O'Connor
- Re: Dropping connections without R... Rodney W. Grimes
- Re: Dropping connections without RST Rodney W. Grimes
- Re: Dropping connections without RST Daniel O'Connor
- Re: Dropping connections without RST Rodney W. Grimes
- Re: Dropping connections without R... Daniel O'Connor
- Re: Dropping connections without R... Geoff Rehmet
- Re: Dropping connections witho... Rodney W. Grimes
- Re: Dropping connections without RST Matt Crawford
- Re: Dropping connections without RST Leif Neland
- Re: Dropping connections without R... Ollivier Robert
- Re: Dropping connections witho... Daniel O'Connor
- Re: Dropping connections without RST Warner Losh
- Re: Dropping connections without RST Garrett Wollman
