Hi security@ list,

In my self written, large ipfw rule set, I had something that passed http to allow me to browse most but not all remote sites. For years I assumed the few sites I had difficulty with were cases pppoed MTU != 1500, from not having installed tcpmssd on my 4.*-RELEASE, but then running 6.1-RELEASE I realised that wasn't the problem.

    http://www.web.de
Still failed, &
    http://www.sueddeutsche.de
Was slow. I tried adding

    ${fwcmd} add pass tcp from any to any established

from src/etc/rc.firewall case - simple. Which solved it. But I was scared, not understanding what the established bit did, & how easily an attacker might fake something, etc. I found adding these tighter rules instead worked for me

    ${fwcmd} tcp from any http to me established in via tun0
    ${fwcmd} tcp from me to any http established out via tun0

Should I still be worrying about established ?

Julian
--
Julian Stacey. BSD Unix C Net Consultancy, Munich/Muenchen http://berklix.com
Mail Ascii, not HTML. Your smoke = my allergic headache. http://berklix.org/free-software
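
An added illustration, not part of the original post: a small Python model of what the rules in the message match. ipfw's `established` option tests only whether the RST or ACK bit is set in the TCP header, whereas `keep-state` rules track flows the host opened. The addresses, the `Pkt` class and the simplified state table are assumptions made for this example, and every sample packet is assumed to cross tun0.

```python
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10   # TCP flag bits
ME = "192.0.2.10"                  # constructed address standing in for "me"

@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    direction: str                 # "in" or "out" on tun0

def established(p):
    # ipfw "established": RST or ACK bit set. Header test only, no flow lookup.
    return bool(p.flags & (RST | ACK))

def broad(p):
    # pass tcp from any to any established
    return established(p)

def tight(p):
    # tcp from any http to me established in via tun0
    # tcp from me to any http established out via tun0
    if not established(p):
        return False
    if p.direction == "in":
        return p.sport == 80 and p.dst == ME
    return p.src == ME and p.dport == 80

def stateful(p, flows):
    # Simplified keep-state model: an outbound SYN to port 80 records the flow;
    # anything else passes only if it belongs to a recorded flow.
    if p.direction == "out" and p.src == ME and p.dport == 80 and p.flags == SYN:
        flows.add((p.src, p.sport, p.dst, p.dport))
        return True
    key = (p.src, p.sport, p.dst, p.dport) if p.direction == "out" else (p.dst, p.dport, p.src, p.sport)
    return key in flows

def verdicts():
    flows = set()
    stateful(Pkt(ME, 40000, "198.51.100.7", 80, SYN, "out"), flows)  # browser opens a connection
    samples = {  # constructed inbound packets
        "reply":       Pkt("198.51.100.7", 80, ME, 40000, SYN | ACK, "in"),
        "stray_http":  Pkt("203.0.113.9", 80, ME, 22, ACK, "in"),
        "stray_other": Pkt("203.0.113.9", 4444, ME, 22, ACK, "in"),
        "new_syn":     Pkt("203.0.113.9", 80, ME, 22, SYN, "in"),
    }
    return {n: (broad(p), tight(p), stateful(p, flows)) for n, p in samples.items()}
```

Each result is a `(broad, tight, stateful)` tuple: the tighter rules narrow the match to source port 80, but only the flow-tracking model ties an inbound packet to a connection the host actually opened.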