rc.firewall
Matthew Dillon
dillon at apollo.backplane.com
Fri Oct 22 11:11:54 PDT 2004
:> discovery to work properly, you can't just turn off all ICMP.
:>
:> e.g. packet-too-big, echo, echo-reply, unreachable, traceroute,
:> ttl-exceeded, and parameter-problem should generally be allowed through.
:> I forget the icmp numbers for them but those are the ones that have
:> to be allowed.
:
:updated to use the defaults of firewall(7)
:
:> Also, certain tcp ports have to either be allowed (even if no service
:> is running), or a reset has to be sent for connection attempts on them.
:> Well, at least one tcp port anyway, that being 'auth', port 113.
:> Otherwise auth requests made by, e.g. remote sendmails, will create
:> unnecessary delays.
:
:We can do that by adding 113 to open ports - updated.
:
:Andy
Excellent. I am doing a bit of testing and am almost ready to commit it.
May I have permission to add an official DFly copyright? The lines you
added aren't quite enough.

i.e. the below. No need to update your patch, I will commit as soon as
we get this last little bit resolved.

-Matt
Matthew Dillon
<dillon at xxxxxxxxxxxxx>
/*
 * Copyright (c) 2004 The DragonFly Project. All rights reserved.
 *
 * This code is derived from software contributed to The DragonFly Project
 * by Andreas Hauser <andy-dragonfly at xxxxxxxxxxxxxxx>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * ...
 * [remainder of the standard dragonfly copyright]
 */