Add another good book to the required reading.

make a couple of rules more sensible. Reviewed by: phk Submitted by: jmb
svn path=/head/; revision=15210
1996-04-12 09:16:42 +00:00 · 1996-04-12 09:16:42 +00:00 · 86c81cd529 · 2020-12-20 02:59:44 +00:00
commit 86c81cd529
parent 726722154d
1 changed files with 11 additions and 3 deletions
--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@ -1,6 +1,6 @@
 ############
 # Setup system for firewall service.
-# $Id$
+# $Id: rc.firewall,v 1.1 1996/04/03 17:13:58 phk Exp $

 ############
 #
@ -13,6 +13,14 @@
 # If you don't know enough about packet filtering, we suggest that you
 # take time to read this book:
 #
+#	Building Internet Firewalls
+#	Brent Chapman and Elizabeth Zwicky
+#
+#	O'Reilly & Associates, Inc
+#	ISBN 1-56592-124-0
+#
+# For a more advanced treatment of Internet Security read:
+#
 #	Firewalls & Internet Security
 #	Repelling the wily hacker
 #	William R. Cheswick, Steven M. Bellowin
@ -50,7 +58,7 @@ if false ; then
    /sbin/ipfw add pass all from ${net}:${mask} to ${ip}

    # Allow TCP through if setup succeeded
-    /sbin/ipfw add deny tcp from any to any established
+    /sbin/ipfw add pass tcp from any to any established

    # Allow setup of incoming email 
    /sbin/ipfw add pass tcp from any to ${ip} 25 setup
@ -103,7 +111,7 @@ if false ; then
    /sbin/ipfw add deny all from 10.0.0.0:255.0.0.0 to any via ${oif}

    # Allow TCP through if setup succeeded
-    /sbin/ipfw add deny tcp from any to any established
+    /sbin/ipfw add pass tcp from any to any established

    # Allow setup of incoming email 
    /sbin/ipfw add pass tcp from any to ${oip} 25 setup