Andrew Gould wrote:
> Yes, it's probably time to move to certificates. Thanks for the suggestion.

If you realize this, then you also want to look at devising an allow-allow-deny_by_default approach for other critical protocols that you can't employ certificates for... Instead of blocking huge netblocks with your firewall (possibly causing a denial of service on legitimate hosts), it's easier and more resource friendly to create access rules that deny by default in ANY case. (Those who provide transit or hosting services can obviously ignore this).

Steve
