ropers <rop...@gmail.com> writes:

> I don't understand. Why are you not running a default deny setup?

Maybe because this pf.conf is the default one.

> On 29 August 2010 14:45, Jean-Francois <jfsimon1...@gmail.com> wrote:
> > Hi,
> >
> > One question, I run GNOME on OpenBSD 4.7 and apparently there is
> > no reason to keep the following rule since nothing listens to
> > those ports on my machine.
> >
> > block in on ! lo0 proto tcp to port 6000:6010
> >
> > I verified with netstat that there is nothing listening to any of
> > the TCP ports in the range 6000-6010.
> >
> > May you please confirm that there is no security issue with
> > removing this rule?

Why do you want to remove it? If you don't need to, don't remove it. If
you want to modify pf.conf, better to use a default block and allow
only the necessary.

-- 
Guillaume Pinot               http://www.irccyn.ec-nantes.fr/~pinot/

"Grown-ups never understand anything by themselves, and it is
tiresome for children to be always explaining things to them..."
-- Antoine de Saint-Exupéry, The Little Prince

()  ASCII ribbon campaign      -- Against HTML e-mail
/\  http://www.asciiribbon.org -- Against proprietary attachments
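
A minimal default-deny pf.conf of the kind suggested in the reply above, as an added example that is not part of the thread or of the OpenBSD default ruleset. The single inbound service (ssh) is an assumption; adjust or remove it to match what the machine actually offers.

```conf
# Added example (not from the thread). Assumes a desktop host whose only
# inbound service, if any, is ssh.

# Do not filter loopback traffic; local X11 clients keep working.
set skip on lo0

# Default deny: anything not explicitly passed below is dropped. This already
# covers inbound tcp 6000:6010, so the separate X11 rule
#   block in on ! lo0 proto tcp to port 6000:6010
# becomes redundant here. In a ruleset that passes by default, that rule is
# what protects an X server that starts listening on tcp later, even if
# netstat shows no listener today.
block all

# Outbound connections from this host; pf keeps state, so replies are allowed.
pass out

# Assumed inbound service. Delete this line if the host offers none.
pass in proto tcp to port ssh
```

The file can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.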