Date:      Fri, 3 Jan 2003 20:01:58 -0700 (MST)
From:      Nick Rogness <nick@rogness.net>
To:        Giorgos Keramidas <keramida@ceid.upatras.gr>
Cc:        Lucky Green <shamrock@cypherpunks.to>, <l.rizzo@iet.unipi.it>, <doc@FreeBSD.ORG>
Subject:   Re: IPFW: suicidal defaults
Message-ID:  <20030103195642.G6257-100000@skywalker.rogness.net>
In-Reply-To: <20030103212617.GC2505@gothmog.gr>

On Fri, 3 Jan 2003, Giorgos Keramidas wrote:

> On 2003-01-02 11:41, Nick Rogness <nick@rogness.net> wrote:
> > On Thu, 2 Jan 2003, Lucky Green wrote:
> > >
> > > 1) at least mention this danger *prominently* in the FreeBSD Handbook.
> >
> > 	Agreed.  There should be a mention.  However, someone has to write
> > 	it.  Instead of bitchin about it, go ahead and submit a change
> > 	(bug report).
>
> Oh but it is documented.  The sample configuration that one can find
> at /usr/src/sys/i386/conf/LINT includes a comment:
>
> # WARNING:  IPFIREWALL defaults to a policy of "deny ip from any to any"
> # and if you do not add other rules during startup to allow access,
> # YOU WILL LOCK YOURSELF OUT.  It is suggested that you set
> # firewall_type=open in /etc/rc.conf when first enabling this feature,
> # then refining the firewall rules in /etc/rc.firewall after you've
> # tested that the new kernel feature works properly.
>
> Ignoring this is not a fault of the documentation :(

	You are right.  The documentation is there.  However, finding this
	is not easy for a beginner.  It wouldn't hurt to mention it in
	ipfw(8) and the handbook.

	But that takes work and is redundant :-)

Nick Rogness <nick@rogness.net>
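
The lockout described in the quoted LINT comment can be checked for before rebooting into an IPFIREWALL kernel. The following is an added example, not part of the original message or of FreeBSD itself; the function names are hypothetical, and `firewall_enable` (the rc.conf switch that makes the rules script run) is an assumption not mentioned in the thread.

```shell
# Added example: pre-reboot check for the default-deny lockout.
# Assumption: rc.conf holds plain sh assignments (name="value"), last one wins.

# Print the final value assigned to variable $1 in the rc.conf-style file $2.
# Commented-out assignments are ignored; trailing comments and quotes are stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^["'\'']//' -e 's/["'\'']$//'
}

# Return codes:
#   0  firewall_type=open, the setting the LINT comment suggests for first boot
#   1  no rules will be loaded, so only "deny ip from any to any" applies
#   2  some other rule set is configured and needs manual review
ipfw_lockout_check() {
    conf=$1
    enable=$(rc_value firewall_enable "$conf")
    ftype=$(rc_value firewall_type "$conf")

    case $enable in
        [Yy][Ee][Ss]) ;;
        *)  echo "RISK: firewall_enable is not YES in $conf; no rules are added at startup"
            return 1 ;;
    esac

    if [ -z "$ftype" ]; then
        echo "RISK: firewall_type is not set in $conf; default policy is deny"
        return 1
    fi

    case $ftype in
        open)
            echo "OK: firewall_type=open; refine /etc/rc.firewall after testing"
            return 0 ;;
        *)
            echo "CHECK: firewall_type=$ftype; confirm it allows your remote access"
            return 2 ;;
    esac
}
```

Run it as `ipfw_lockout_check /etc/rc.conf` from a console session before rebooting a remotely managed host.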