On May 30, 2008, at 4:41 AM, Ian Smith wrote:
> Without debating your stateful alternative - either should work fine for
> TCP applications - this allowed inbound icmp packets for types 0,3,8,11
> but no outbound icmp at all (assuming your firewall defaults to deny).

I didn't post all the rules, just the TCP based ones for the web
server. I don't have an outbound send restriction. I believe I have a:

permit ip from me to any out

In there somewhere! ;-)

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable