From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Question regarding the forthcoming default firewall rule patch Date: Thu, 26 Oct 2023 11:37:22 +0100 Message-ID: <215D5812-4814-40DA-A66E-602304F2B7FB@ipfire.org> In-Reply-To: <3a40cea1-f8a1-4ec4-9711-83c6d21980f2@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5556629992218177133==" List-Id: --===============5556629992218177133== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Peter, I do not think that it should contain a link. First of all, it won=E2=80=99t be clickable and as we don=E2=80=99t parse the= comments and look for links. Secondly, we should not link to external websit= es that we don=E2=80=99t control like this. And last, but not least, the prop= osed PDF is really long and complicated and I don=E2=80=99t think that this i= s helpful to encourage people to keep that rule there. So, simply =E2=80=9CBlock port 25 (TCP) for outgoing connections to the inter= net=E2=80=9D should do it. More stuff should be referred to on the wiki. -Michael > On 26 Oct 2023, at 11:33, Peter M=C3=BCller wr= ote: >=20 > Hello Michael, > hello *, >=20 > for the forthcoming patch, which introduces a firewall rule for rejecting T= CP > connections to destination port 25 on RED from all internal networks on new > installations only, I'd like to clarify upfront what resource the rules' co= mment > should link to, if any. >=20 > This could be a blog post by us, which would only go live shortly before the > release of the Core Update this patch is merged into, so it will be a dead > link at the time of patch submission. >=20 > Otherwise, linking to our wiki would work as well, or we can refer to the > M3AAWG recommendation on this topic (https://www.m3aawg.org/Port25_IPNetwor= ks) > straight away. >=20 > Do you have any preferences? >=20 > Thanks, and best regards, > Peter M=C3=BCller (crawls back into the sewers) --===============5556629992218177133==--