[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: /usr/share/pf/ suggestion

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: /usr/share/pf/ suggestion
From: Ray Percival <rpercival_(_at_)_scarynetworkguy_(_dot_)_net>
Date: Tue, 23 Aug 2005 16:48:43 -0700
Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org

On Tue, Aug 23, 2005 at 06:57:43PM -0400, Will H. Backman wrote:
> > -----Original Message-----
> > From: Theo de Raadt [mailto:deraadt_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org]
> > Sent: Tuesday, August 23, 2005 6:53 PM
> > To: Jason Crawford
> > Cc: Will H. Backman; j knight; Misc OpenBSD
> > Subject: Re: /usr/share/pf/ suggestion
> > 
<snip> 
> (Crawling out of my protective hole)
> So does it make sense to include a basic pf rule set for a basic
> end-user host that blocks everything by default?
> I've done it using the example I gave.  Don't know if my way has some
> errors or not.
I'd say punch a hole for SSH. This is because I consider a *NIX box that can not be managed via SSH to be borken.

 And, of course, we are only talking about having this as an example and maybe mentioned in a FAQ someplace and not turned on by defualt, right?
> 

-- 
BOFH excuse #394:

Jupiter is aligned with Mars.

Prev by Date: Network "hang" on IBM x335
Next by Date: Re: 1U server recommendation
Previous by thread: Re: /usr/share/pf/ suggestion
Next by thread: Re: /usr/share/pf/ suggestion
Index(es):
- Date
- Thread

Visit your host, monkey.org