Paul - Many thanks. I just ordered the book and will surely read that ... I agree and therefore I had put a session limit of 5 against ICMP to limit risk.
But I am a newb and there will be many newb enthusiasts coming to pfsense and that's what I think will put this ahead of all firewalls. I started with all flavors of boxed sub $100 devices but the QoS for vonage drove me to m0n0wall. At that time (one year ago) PPTP and traffic shaping was still a problem there and since modern waste hardware is way more powerful, I settled with pfsense. Since then there are 8 pfsense installs due to me which are install and forget.

Again I love you Geek Gods for overwhelming support to wannabes like us.

Paul M <[EMAIL PROTECTED]> wrote:

Anil Garg wrote:
> In my pass-through for PPTP and IPSEC, I had a rule that allowed
> any...all..any for only TCP IP protocol.
> I have now changed that to any protocol all the way to the end any.....
> Is this ok on the VPN interfaces like PPTP and IPSEC?

Adding rules which permit any-any, even if it's all kinds of icmp is a bad idea. If you don't know why, you need to read a good book on firewalls etc. Here's a good start.

http://preview.tinyurl.com/26fm8z

I don't want to be rude, in the main, pfsense is a product for people who understand internet security at least in some detail.
