take the axe a little closer, since I didn't say what I meant either, and

better empty than wrong.
svn path=/head/; revision=514
1996-09-07 02:15:56 +00:00 · 1996-09-07 02:15:56 +00:00 · 6f32a3a208 · 2020-12-08 03:00:23 +00:00
commit 6f32a3a208
parent 681925a0a8
1 changed files with 2 additions and 7 deletions
--- a/handbook/firewalls.sgml
+++ b/handbook/firewalls.sgml
@ -1,4 +1,4 @@
-<!-- $Id: firewalls.sgml,v 1.10 1996-09-07 00:51:36 adam Exp $ -->
+<!-- $Id: firewalls.sgml,v 1.11 1996-09-07 02:15:56 adam Exp $ -->
 <!-- The FreeBSD Documentation Project -->

 <sect><heading>Firewalls<label id="firewalls"></heading>
@ -489,15 +489,10 @@ want to allow from the inside. Some general rules are:

 <itemize>

- <item>Block all incoming access to ports below 1000 for TCP. This is
+ <item>Block all incoming access to ports below 1024 for TCP. This is
 where most of the security sensitive services are, like finger, SMTP
 (mail) and telnet.

- <item>Block all incoming access also to TCP ports between 1001 and 1024
-inclusive, unless rlogin/rsh access from outside is to be enabled, in which
-case incoming SYN (<bf>setup</bf>) connections should be blocked on these
-ports and allowed on the relevant service port(s).
-
 <item>Block <bf>all</bf> incoming UDP traffic. There are very few
 useful services that travel over UDP, and what useful traffic there is
 is normally a security threat (e.g. Suns RPC and NFS protocols). This