On 17-Aug-99 Rodney W. Grimes wrote: > I kinda like the idea of this, but can't that really just > be done easily with a few ipfw rules, the last two being > the important ones: > > for port in "22 53" ; do > ipfw add allow udp from any to ${myip} ${port} > ipfw add allow udp from ${myip} ${port} to any > ipfw add allow tcp from any to ${myip} ${port} > ipfw add allow tcp from ${myip} ${port} to any > done > ipfw add deny udp from any to ${myip} > ipfw add deny tcp from any to ${myip} > > Why should we special case this? Because this doesn't work for non-passive FTP for starters.. --- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum
- Dropping connections without RST Geoff Rehmet
- Re: Dropping connections without RST Archie Cobbs
- Re: Dropping connections without RST Brian W. Buchanan
- Re: Dropping connections without RST Archie Cobbs
- Re: Dropping connections without RST Rodney W. Grimes
- Re: Dropping connections without RST Warner Losh
- Re: Dropping connections without R... Daniel O'Connor
- Re: Dropping connections without R... Rodney W. Grimes
- Re: Dropping connections without RST Rodney W. Grimes
- Re: Dropping connections without RST Daniel O'Connor
- Re: Dropping connections without RST Rodney W. Grimes
- Re: Dropping connections without R... Daniel O'Connor
- Re: Dropping connections without R... Geoff Rehmet
- Re: Dropping connections witho... Rodney W. Grimes
- Re: Dropping connections without RST Matt Crawford
- Re: Dropping connections without RST Leif Neland
- Re: Dropping connections without R... Ollivier Robert
- Re: Dropping connections witho... Daniel O'Connor
- Re: Dropping connections without RST Warner Losh
- Re: Dropping connections without RST Garrett Wollman