Contributed by jj on from the drop-the-evil-bit-packets-too dept.
With the X server still listening on TCP port 6000 and PF blocking incoming packets that do not come from localhost, you can still use local X sessions that need to talk to the TCP port, or that run through a port forward from a remote host, without exposing your machine on the network.
Recent changes to PF, like having packet reassembly enabled on all packets by default, will now help clean incoming traffic.
With all the new code and features of PF in there, and the nice side effects it brings according to henning@ as seen below, it needs wider usage.
CVSROOT: /cvs
Module name: src
Changes by: firstname.lastname@example.org 2009/05/31 13:16:16

Modified files:
    etc : rc.conf

Log message:
enable pf by default.
turns bombs into flowers, water into beer and eradicates swine flu
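A minimal pf.conf expressing the X11 filtering described above, as an added example that is not taken from the commit or from the project's shipped configuration. It assumes the loopback interface is lo0 and that X listens only on TCP port 6000, as the article states.

```conf
# /etc/pf.conf (illustrative sketch, assumptions: loopback is lo0,
# X server listens on TCP port 6000 only)

# Reassemble fragments before filtering. This is the default in
# recent PF and is written out here only to make it visible.
set reassemble yes

# Do not filter loopback traffic at all, so local X clients and
# connections arriving through a local port forward keep working.
set skip on lo0

# Baseline policy: pass traffic and keep state.
pass

# The last matching rule wins in PF, so this block overrides the
# "pass" above for TCP connections to the X server that arrive on
# any interface other than loopback.
block in on ! lo0 proto tcp to port 6000

# Check and load:
#   pfctl -nf /etc/pf.conf    parse only, report syntax errors
#   pfctl -f  /etc/pf.conf    load the ruleset
#   pfctl -sr                 show the rules now in effect
```

From a second machine, a TCP connection to port 6000 on this host should now be dropped, while local clients using localhost:0 still connect.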