On Nov 23 17:03:15, Eirik ?verby wrote:
I have a FreeBSD based firewall (pfsense) and, behind it, a few dozen
FreeBSD servers. Now we're required to run external security scans
(nessus++) on some of the hosts, and they constantly come back with a
high or medium severity problem: The host
Should you want to continue with your own tool, at least for IPv4,
consider using tables rather than a raft of rules. With tables, you need
only a single rule and it is there at boot time.
Also, you might want to consider switching to pf
which this functionality built-in.
Jan