[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PF keep state: in vs. out
I personally use keep-state. My view is if they are going to
mess with your machine or DoS it they will do it either way. Why create
an issue where one doesn't exist. It's kinda like worrying about a tire
blow out. Your not using Firestone(tm) OS so I wouldn't worry! :)
From: email@example.com [mailto:firstname.lastname@example.org] On Behalf
Sent: Thursday, June 20, 2002 3:10 PM
Subject: PF keep state: in vs. out
(2 NICs bridges; OpenBSD 3.1-stable)
a simple question:
using keep-state rules for connection from internet to my webserver is
Or the firewall could be a target for a DoS ?
(something like http://www.team-teso.org/releases/3wahas.tar.gz)
Generally, what is the best practice ?
Let open port 80 or let pass only known-stream-packets ?
Build high quality traffic with the Web's Premier traffic building
system. 2 to 1 ratio! www.itrafficstar.com