fbsd_user wrote:
> Just what do you mean by punching a hole in the
> firewall without the firewall's knowledge?
>
> The firewall is designed to stop just such a thing.

If the firewall opens a path for the external server inbound as a result of supporting active-mode FTP or the data channel for IRC, which most firewalls do by default if they permit FTP through in the first place, that can be used to send arbitrary data back to the client.

Having the firewall block FTP, HTTP, and IRC/6667 traffic from inside machines, except for a trusted and monitored proxy server like Squid, will significantly improve the security of the network...

-- 
-Chuck
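
An added example, not part of the original message: in active-mode FTP the inbound path is opened from the client's `PORT h1,h2,h3,h4,p1,p2` command (RFC 959), so a monitoring proxy or log audit can check each one before trusting it. The policy here (address must equal the control connection's source, port at least 1024) and the names `check_port_command` and `audit` are assumptions chosen for illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: four address octets, then port = p1 * 256 + p2.
PORT_RE = re.compile(r"^PORT\s+" + r",".join([r"(\d{1,3})"] * 6) + r"$", re.I)


def check_port_command(line, client_ip, min_port=1024):
    """Classify one control-channel line sent by client_ip.

    Returns (verdict, detail); verdict is "ignore" for lines that are not
    PORT commands, otherwise "allow" or "deny".
    """
    text = line.strip()
    if not text.upper().startswith("PORT"):
        return "ignore", ""
    m = PORT_RE.match(text)
    if not m:
        return "deny", "malformed PORT argument"
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return "deny", "octet out of range"
    addr = ipaddress.IPv4Address(".".join(str(o) for o in octets[:4]))
    port = octets[4] * 256 + octets[5]
    # The data channel should go back to the host that asked for it.
    if addr != ipaddress.IPv4Address(client_ip):
        return "deny", f"PORT names {addr}, control connection is from {client_ip}"
    # A data channel has no business landing on a well-known service port.
    if port < min_port:
        return "deny", f"PORT names privileged port {port}"
    return "allow", f"expect inbound data connection to {addr}:{port}"


# Constructed sample: (source address of control connection, line sent).
SAMPLE = [
    ("10.0.0.5", "USER anonymous"),
    ("10.0.0.5", "PORT 10,0,0,5,195,80"),  # own address, port 50000
    ("10.0.0.5", "PORT 10,0,0,9,195,80"),  # names a different inside host
    ("10.0.0.5", "PORT 10,0,0,5,0,22"),    # names port 22
    ("10.0.0.5", "PORT 10,0,0,5,999,1"),   # octet out of range
]


def audit(lines):
    """Return the verdict for each (client_ip, line) pair."""
    return [check_port_command(line, ip)[0] for ip, line in lines]


if __name__ == "__main__":
    for (ip, line), verdict in zip(SAMPLE, audit(SAMPLE)):
        print(f"{verdict:6} {ip} {line}")
```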