From owner-freebsd-stable Wed Jan 30 21:58:32 2002 Delivered-To: freebsd-stable@freebsd.org Received: from rover.village.org (rover.bsdimp.com [204.144.255.66]) by hub.freebsd.org (Postfix) with ESMTP id B0F2337B417 for ; Wed, 30 Jan 2002 21:58:30 -0800 (PST) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.3/8.11.3) with ESMTP id g0V5wTo33624; Wed, 30 Jan 2002 22:58:29 -0700 (MST) (envelope-from imp@village.org) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.11.6/8.11.6) with ESMTP id g0V5wSx29350; Wed, 30 Jan 2002 22:58:28 -0700 (MST) (envelope-from imp@village.org) Date: Wed, 30 Jan 2002 22:58:01 -0700 (MST) Message-Id: <20020130.225801.103629586.imp@village.org> To: drosih@rpi.edu Cc: n@nectar.cc, dillon@apollo.backplane.com, freebsd-stable@FreeBSD.ORG Subject: Re: Proposed Solution To Recent "firewall_enable" Thread. [Please Read] From: "M. Warner Losh" In-Reply-To: References: <20020130225454.A48040@hellblazer.nectar.cc> X-Mailer: Mew version 2.1 on Emacs 21.1 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message: Garance A Drosihn writes: : Why should only Joe Experienced User be getting the benefit of : booting up with the firewall active? Now, I am *definitely* not : suggesting this for -stable, but why don't we have the default : GENERIC kernel include the firewall support? Why should anyone : *have* to compile a kernel to get this full-time protection? : ("fulltime" meaning "firewall active for the entire boot sequence"). ipfw or ipfilter. which one should we choose? That's why. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message