Firewall - why not just block everything not to/from me?
Idar Tollefsen
idart at performancedesign.no
Sat Mar 20 05:36:42 PST 2004
Hello,
I'll admit that networking isn't my strongest
side, but I hope to learn some more, and this
has been bugging me a little, so I hope someone
will bear with me and explain this.
I have a firewall setup based on the "simple"
setup in rc.firewall.
I was wondering why the blocks for RFC1918 and
other "illegal" nets on both sides of natd are as
they are? Or rather, why not just block everything
not destined for the address(es) on the external
interface(s) before natd and everything not from
the same address(es) after natd? What would I miss
that should, or shouldn't, have been let in/out if I do
that?
Another question is why I need to block incoming
traffic to addresses not associated with my machine
at all? Why would, for example, my box ever receive
a request destined for 192.168.0.1 when that's not my
address?
Thank you for your time.
- IT