Andrew Gould wrote:

> Yes, it's probably time to move to certificates.  Thanks for the suggestion.

If you realize this, then you also want to look at devising an
allow-allow-deny_by_default approach for other critical protocols that
you can't employ certificates for...

Instead of blocking huge netblocks with your firewall (possibly causing
a denial of service on legitimate hosts), it's easier and more resource
friendly to create access rules that deny by default in ANY case. (Those
who provide transit or hosting services can obviously ignore this).

Steve
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to