src/etc/rc.firewall simple ${fw_pass} tcp from any to any
established
R. B. Riddick
arne_woerner at yahoo.com
Sat Nov 11 19:34:30 UTC 2006
--- Dan Lukes <dan at obluda.cz> wrote:
> Statefull rules can stop the sophisticated intruder, but are often more
> vulnerable to DoS attacks.
>
> Every method has pros and cons ...
>
Hmm... U mean, when someone creates a lot of states? At least pf can limit
that... But here it looks like just the good guys can create a state (from the
good-network via the public network to the trusted web sites), so that states
can't hurt, I think...
-Arne
____________________________________________________________________________________
Cheap talk?
Check out Yahoo! Messenger's low PC-to-Phone call rates.
http://voice.yahoo.com
More information about the freebsd-security
mailing list