diff options
| author | phk <phk@FreeBSD.org> | 1996-04-12 09:16:42 +0000 |
|---|---|---|
| committer | phk <phk@FreeBSD.org> | 1996-04-12 09:16:42 +0000 |
| commit | eb2d09c22150e59e29a22b8a4d325473e1df4dfa (patch) | |
| tree | 0f3a8fd594e7791698216cee807b5fa6ff5ac150 /etc | |
| parent | 699b9de7734782d8b0f60133c166b1cc715e6044 (diff) | |
| download | FreeBSD-src-eb2d09c22150e59e29a22b8a4d325473e1df4dfa.zip FreeBSD-src-eb2d09c22150e59e29a22b8a4d325473e1df4dfa.tar.gz | |
Add another good book to the required reading.
make a couple of rules more sensible.
Reviewed by: phk
Submitted by: jmb
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/rc.firewall | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/etc/rc.firewall b/etc/rc.firewall index 026334c..de2b563 100644 --- a/etc/rc.firewall +++ b/etc/rc.firewall @@ -1,6 +1,6 @@ ############ # Setup system for firewall service. -# $Id$ +# $Id: rc.firewall,v 1.1 1996/04/03 17:13:58 phk Exp $ ############ # @@ -13,6 +13,14 @@ # If you don't know enough about packet filtering, we suggest that you # take time to read this book: # +# Building Internet Firewalls +# Brent Chapman and Elizabeth Zwicky +# +# O'Reilly & Associates, Inc +# ISBN 1-56592-124-0 +# +# For a more advanced treatment of Internet Security read: +# # Firewalls & Internet Security # Repelling the wily hacker # William R. Cheswick, Steven M. Bellowin @@ -50,7 +58,7 @@ if false ; then /sbin/ipfw add pass all from ${net}:${mask} to ${ip} # Allow TCP through if setup succeeded - /sbin/ipfw add deny tcp from any to any established + /sbin/ipfw add pass tcp from any to any established # Allow setup of incoming email /sbin/ipfw add pass tcp from any to ${ip} 25 setup @@ -103,7 +111,7 @@ if false ; then /sbin/ipfw add deny all from 10.0.0.0:255.0.0.0 to any via ${oif} # Allow TCP through if setup succeeded - /sbin/ipfw add deny tcp from any to any established + /sbin/ipfw add pass tcp from any to any established # Allow setup of incoming email /sbin/ipfw add pass tcp from any to ${oip} 25 setup |
