
Re: PF keep state: in vs. out



IRA,
	I personally use keep-state.  My view is if they are going to
mess with your machine or DoS it they will do it either way.  Why create
an issue where one doesn't exist?  It's kinda like worrying about a tire
blowout.  You're not using Firestone(tm) OS so I wouldn't worry! :)

bkw

-----Original Message-----
From: owner-misc@openbsd.org [mailto:owner-misc@openbsd.org] On Behalf
Of ira@crosswinds.net
Sent: Thursday, June 20, 2002 3:10 PM
To: misc@openbsd.org
Subject: PF keep state: in vs. out

Hi,

(2 NICs bridges; OpenBSD 3.1-stable)
a simple question:

Is using keep-state rules for connections from the internet to my
webserver secure?
Or could the firewall be a target for a DoS?
(something like http://www.team-teso.org/releases/3wahas.tar.gz)

Generally, what is the best practice ?
Leave port 80 open, or let pass only known-stream packets?

Thanks.

IRA


