dillon at apollo.backplane.com
Fri Oct 22 11:11:54 PDT 2004
:> discovery to work properly, you can't just turn off all ICMP.
:> e.g. packet-too-big, echo, echo-reply, unreachable, traceroute,
:> ttl-exceeded, and parameter-problem should generally be allowed through.
:> I forget the icmp numbers for them but those are the ones that have
:> to be allowed.
:updated to use the defaults of firewall(7)
:> Also, certain tcp ports have to either be allowed (even if no service
:> is running), or a reset has to be sent for connection attempts on them.
:> Well, at least one tcp port anyway, that being 'auth', port 113.
:> Otherwise auth requests made by, e.g. remote sendmails, will create
:> unnecessary delays.
:We can do that by adding 113 to open ports - updated.
Excellent. I am doing a bit of testing and am almost ready to commit it.
May I have permission to add an official DFly copyright? The lines you
added aren't quite enough.
i.e. the below. No need to update your patch, I will commit as soon as
we get this last little bit resolved.
<dillon at xxxxxxxxxxxxx>
* Copyright (c) 2004 The DragonFly Project. All rights reserved.
* This code is derived from software contributed to The DragonFly Project
* by Andreas Hauser <andy-dragonfly at xxxxxxxxxxxxxxx>
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* [remainder of the standard dragonfly copyright]
More information about the Submit