Hey Bill, Tnx much for the input. I'm the new lead sys admin here. Been away from freebsd for far too long. It's good to be back. ;>
On Wed, 18 Apr 2007, Bill Moran spaketh thusly: -} -}that you either need to write stateful rules (so that the initial connection -}creates a state that is then used to allow traffic in both directions) or That's what we currently have set up. -}you need to create two rules -- one to allow traffic out, the other to -}allow traffic in. Stateful filtering is generally considered to be more -}secure, but you then have concerns about properly maintaining state tables, -}which can be a problem on very busy servers. Oh? Why is stateful considered more secure? Anybody have links to good reading on this? I've been through the links in the handbook. Tho' I could have missed something, I didn't see anything on why stateful is more secure than in/out. -- Randy ([EMAIL PROTECTED]) 725.983.1283 <*> Rain puts a hole in stone because of its constancy, not its force. - H. Joseph Gerber _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"