svn commit: r49600 - head/en_US.ISO8859-1/books/handbook/firewalls
Maxim Konovalov
maxim.konovalov at gmail.com
Wed Jan 4 19:19:38 UTC 2017
[...]
> > I'd remove the "setup" keyword from the command. Let me know if I can
> > go ahead with this change.
>
> It's okay with me. Er, "Approved". It would be really nice if you could test
> and verify it, but not required.
>
Done.
Just a side note: the chapter still needs more work -- e.g. there is
the time service rule in the ipf (not sure if it is ever functional on
FreeBSD these days) sub-chapter.
There is a quite dubious 310 rule in the ipfw example (dru@ cc'ed)
that claims that denies "Deny public pings" but in fact denies all
ICMP not just ICMP echo request/response or types 9/0. It means it
could break the path mtu discovery mechanism that relies on ICMP type
3 code 4 messages.
I must admit I haven't read the chapter carefully.
Thanks,
Maxim
--
Maxim Konovalov
More information about the svn-doc-all
mailing list