CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

]> CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

projects / FreeBSD / FreeBSD.git / commit

author	Nick Sayer <nsayer@FreeBSD.org>
	Tue, 20 Feb 2001 19:54:31 +0000 (19:54 +0000)
committer	Nick Sayer <nsayer@FreeBSD.org>
	Tue, 20 Feb 2001 19:54:31 +0000 (19:54 +0000)
commit	5b9c7d3e5bfe0cb32aa723aeb5eeca7cb986cb70
tree	f68235b5122f61fd9c5bc83d9db27e2d6ff74b67	tree \| snapshot
parent	25801a0e8b0285caeab24a7ff76006c20bb7da73	commit \| diff

Fix some glaring insecurities in the prototype firewall configurations.

pass udp from any 53 to ${oip}

allows an attacker to access ANY local port by simply binding his local
side to 53. The state keeping mechanism is the correct way to allow DNS
replies to go back to their source.

etc/rc.firewall

diff | blob | history

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom