laptop firewall rules

Giorgos Keramidas keramida at ceid.upatras.gr
Mon Oct 31 07:44:06 PST 2005


On 2005-10-31 16:45, Giorgos Keramidas <keramida at ceid.upatras.gr> wrote:
>On 2005-10-30 18:23, Eric F Crist <ecrist at secure-computing.net> wrote:
>>On Oct 30, 2005, at 4:41 PM, andy at neu.net wrote:
>>> Does anyone have a good example of a firewall ruleset for a
>>> wireless interface in a laptop, or a pointer to documentation?
>>> I want to use IPFilter on 6.0 rc1.  I want to let all
>>> connections out and keep state, but block all incoming from
>>> the outside.
>>
>> That ruleset is easy:
>>
>> ipfw add check-state
>> ipfw add allow tcp from me to any setup keep-state
>> ipfw add allow tcp from any to any established
>> ipfw add deny from any to me in
>
> No, please!
>
> If you are using "keep-state", when "allow all established" is
> hardly ever a good idea.

"when" = "then", of course.
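
The interaction behind the quoted objection, as an added example that is not part of the original thread: a Python model of the four quoted ipfw rules, using ipfw(8)'s definitions of `setup` (SYN set, ACK clear) and `established` (ACK or RST set). The addresses, the `Pkt` class and the `evaluate` and `demo` functions are constructed for illustration, and the ruleset's default rule is not modelled.

```python
from dataclasses import dataclass

ME = "192.0.2.10"  # constructed laptop address (documentation range)

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags set on the packet
    inbound: bool

def evaluate(pkt, states, with_established):
    """First-match walk over a model of the four quoted rules."""
    flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
    reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
    # check-state: a packet of a tracked flow passes, in either direction
    if flow in states or reverse in states:
        return "allow", "check-state"
    # allow tcp from me to any setup keep-state (setup: SYN set, ACK clear)
    if pkt.src == ME and "SYN" in pkt.flags and "ACK" not in pkt.flags:
        states.add(flow)
        return "allow", "setup keep-state"
    # allow tcp from any to any established (established: ACK or RST set)
    if with_established and pkt.flags & {"ACK", "RST"}:
        return "allow", "established"
    # deny from any to me in
    if pkt.inbound and pkt.dst == ME:
        return "deny", "deny in"
    return "default", "no rule matched"  # default rule is not modelled

def demo(with_established):
    """Run three constructed packets through the model."""
    states = set()
    packets = [
        Pkt(ME, 50000, "198.51.100.5", 443, frozenset({"SYN"}), False),
        Pkt("198.51.100.5", 443, ME, 50000, frozenset({"SYN", "ACK"}), True),
        # no connection was ever opened to this peer
        Pkt("203.0.113.77", 4444, ME, 22, frozenset({"ACK"}), True),
    ]
    return [evaluate(p, states, with_established) for p in packets]

if __name__ == "__main__":
    for label, flag in (("with 'established' rule", True), ("without it", False)):
        print(label, demo(flag))
```

In the model, the third packet has no state entry, yet the `established` rule accepts it because that rule looks only at the flag bits; without the rule, the reply traffic still passes through `check-state` and the stray packet reaches the deny rule.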


