svn commit: r49600 - head/en_US.ISO8859-1/books/handbook/firewalls
Maxim Konovalov
maxim.konovalov at gmail.com
Mon Jan 2 16:16:58 UTC 2017
Hi Warren,
On Fri, 28 Oct 2016, 15:31-0000, Warren Block wrote:
[...]
> # Allow outbound NTP
> -$cmd 00260 allow tcp from any to any 37 out via $pif setup keep-state
> +$cmd 00260 allow udp from any to any 123 out via $pif setup keep-state
>
> # Allow outbound SSH
> $cmd 00280 allow tcp from any to any 22 out via $pif setup keep-state
>
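Review bot: The added rule 00260 pairs "udp" with "setup", and "setup" is a TCP-only option, so the new line is inconsistent as written. If the intent is outbound NTP on UDP port 123, drop "setup" and keep only "keep-state", for example "$cmd 00260 allow udp from any to any 123 out via $pif keep-state". The removed line was TCP port 37 under a comment that says NTP, so the commit should also state whether the rule or the comment was the part that was wrong.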
Are you sure about this change? NTP is a UDP-based protocol. At the
same time, "setup" is a TCP-only feature (why ipfw(8) allows it to be used in
conjunction with the UDP proto is a different story).
I think the comment is what should be fixed here.
--
Maxim Konovalov