rc.firewall

Matthew Dillon dillon at apollo.backplane.com
Fri Oct 22 11:11:54 PDT 2004


:>     discovery to work properly, you can't just turn off all ICMP.  
:> 
:>     e.g.  packet-too-big, echo, echo-reply, unreachable, traceroute,
:>     ttl-exceeded, and parameter-problem should generally be allowed through.
:>     I forget the icmp numbers for them but those are the ones that have
:>     to be allowed.
:
:updated to use the defaults of firewall(7)
:
:>     Also, certain tcp ports have to either be allowed (even if no service
:>     is running), or a reset has to be sent for connection attempts on them.
:>     Well, at least one tcp port anyway, that being 'auth', port 113.
:>     Otherwise auth requests made by, e.g. remote sendmails, will create
:>     unnecessary delays.
:
:We can do that by adding 113 to open ports - updated.
:
:Andy

    Excellent. I am doing a bit of testing and am almost ready to commit it.

    May I have permission to add an official DFly copyright?  The lines you
    added aren't quite enough.

    i.e. the below.  No need to update your patch, I will commit as soon as
    we get this last little bit resolved.

					-Matt
					Matthew Dillon 
					<dillon at xxxxxxxxxxxxx>

/*
 * Copyright (c) 2004 The DragonFly Project.  All rights reserved.
 * 
 * This code is derived from software contributed to The DragonFly Project
 * by Andreas Hauser <andy-dragonfly at xxxxxxxxxxxxxxx>
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 
 * 1. Redistributions of source code must retain the above copyright
 * ...
 * [remainder of the standard dragonfly copyright]
 */




