My ipfilter rules.
Shaun T. Erickson
ste at ste-land.com
Thu Mar 4 07:33:11 PST 2004

In order to be a good netizen, I applied the bogon list to my outbound
traffic, too. I also moved the bad packet checks to the head of the
incoming rules, as they make more sense there - no point in letting them
use any more cpu than needed, if they are junk.

At least 35 people have looked at my rules
(http://www.ste-land.com/rules.html). I've updated the page, so be sure
to hit refresh/reload, if you go to look at it again. So far, two people
have responded. I took the suggestions of one. Anyone else? I'm putting
the server on the Internet tonight, and would like the firewall done by
then.

Two questions:

1) Should I be performing the bad packet checks on the outbound path, too?

2) I looked at using groups to keep outbound packets from traversing
rules for inbound packets, and vice versa, but I still don't understand
them well enough to set them up. Suggestions?

-ste
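
The layout the message describes (bad packet checks first, bogon filtering in both directions, one rule group per direction), sketched as an added ipf.conf example that is not the poster's actual ruleset. The interface name fxp0, the group numbers, the permitted service port and the three RFC 1918 prefixes standing in for a full bogon list are all assumptions.

```conf
# Added example, not the rules from the poster's page.
# Assumed: fxp0 is the external interface; group numbers 100/200 are arbitrary.

# 1. Bad packet checks at the head of the inbound rules, so junk is
#    dropped before any other rule is evaluated.
block in log quick on fxp0 proto tcp all with short
block in log quick on fxp0 all with opt lsrr
block in log quick on fxp0 all with opt ssrr

# 2. One head rule per direction. Each head is the default-deny for its
#    direction; "quick" on the head means a packet that matches it is
#    decided inside that group and never falls through to later rules.
block in  quick on fxp0 all head 100
block out quick on fxp0 all head 200

# 3. Inbound group (100): drop bogon sources, then allow wanted services.
#    The prefixes are a constructed sample, not a complete bogon list.
block in log quick from 10.0.0.0/8     to any group 100
block in log quick from 172.16.0.0/12  to any group 100
block in log quick from 192.168.0.0/16 to any group 100
# Assumed service: SSH to this host. Replace with the server's real ports.
pass  in quick proto tcp from any to any port = 22 flags S keep state group 100

# 4. Outbound group (200): never send traffic toward bogon destinations,
#    then allow locally initiated connections statefully.
block out log quick from any to 10.0.0.0/8     group 200
block out log quick from any to 172.16.0.0/12  group 200
block out log quick from any to 192.168.0.0/16 group 200
pass  out quick proto tcp  from any to any flags S keep state group 200
pass  out quick proto udp  from any to any keep state group 200
pass  out quick proto icmp from any to any keep state group 200
```

A packet matching neither a block nor a pass rule inside its group gets the head rule's action, so each direction is default-deny.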
More information about the freebsd-questions
mailing list