Re: /usr/share/pf/ suggestion
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: /usr/share/pf/ suggestion
- From: Ray Percival <rpercival_(_at_)_scarynetworkguy_(_dot_)_net>
- Date: Tue, 23 Aug 2005 16:48:43 -0700
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
On Tue, Aug 23, 2005 at 06:57:43PM -0400, Will H. Backman wrote:
> > -----Original Message-----
> > From: Theo de Raadt [mailto:deraadt_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org]
> > Sent: Tuesday, August 23, 2005 6:53 PM
> > To: Jason Crawford
> > Cc: Will H. Backman; j knight; Misc OpenBSD
> > Subject: Re: /usr/share/pf/ suggestion
> (Crawling out of my protective hole)
> So does it make sense to include a basic pf rule set for a basic
> end-user host that blocks everything by default?
> I've done it using the example I gave. Don't know if my way has some
> errors or not.
I'd say punch a hole for SSH. This is because I consider a *NIX box that can not be managed via SSH to be borken.
And, of course, we are only talking about having this as an example and maybe mentioned in a FAQ someplace and not turned on by default, right?
BOFH excuse #394:
Jupiter is aligned with Mars.