[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: /usr/share/pf/ suggestion



On Tue, Aug 23, 2005 at 06:57:43PM -0400, Will H. Backman wrote:
> > -----Original Message-----
> > From: Theo de Raadt [mailto:deraadt_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org]
> > Sent: Tuesday, August 23, 2005 6:53 PM
> > To: Jason Crawford
> > Cc: Will H. Backman; j knight; Misc OpenBSD
> > Subject: Re: /usr/share/pf/ suggestion
> > 
<snip> 
> (Crawling out of my protective hole)
> So does it make sense to include a basic pf rule set for a basic
> end-user host that blocks everything by default?
> I've done it using the example I gave.  Don't know if my way has some
> errors or not.
I'd say punch a hole for SSH. This is because I consider a *NIX box that can not be managed via SSH to be borken.

 And, of course, we are only talking about having this as an example and maybe mentioned in a FAQ someplace and not turned on by defualt, right?
> 

-- 
BOFH excuse #394:

Jupiter is aligned with Mars.