Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 31 Jan 2002 01:17:00 -0500
From:      Garance A Drosihn <drosih@rpi.edu>
To:        "M. Warner Losh" <imp@village.org>
Cc:        n@nectar.cc, dillon@apollo.backplane.com, freebsd-stable@FreeBSD.ORG
Subject:   Re: Proposed Solution To Recent "firewall_enable" Thread. [Please Read]
Message-ID:  <p0510122db87e8ebcf603@[128.113.24.47]>
In-Reply-To: <20020130.225801.103629586.imp@village.org>
References:  <20020130225454.A48040@hellblazer.nectar.cc> <p0510122ab87e828d1b16@[128.113.24.47]> <p0510122bb87e879d4ad3@[128.113.24.47]> <20020130.225801.103629586.imp@village.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
At 10:58 PM -0700 1/30/02, M. Warner Losh wrote:
>In message: <p0510122bb87e879d4ad3@[128.113.24.47]>
>             Garance A Drosihn <drosih@rpi.edu> writes:
>: Why should only Joe Experienced User be getting the benefit of
>: booting up with the firewall active?  Now, I am *definitely* not
>: suggesting this for -stable, but why don't we have the default
>: GENERIC kernel include the firewall support?  Why should anyone
>: *have* to compile a kernel to get this full-time protection?
>: ("fulltime" meaning "firewall active for the entire boot sequence").
>
>ipfw or ipfilter.  which one should we choose?  That's why.

Pick either.  Pick the one with the most-bsd-ish license.  Pick a
(new) third one, one which is very minimal.  Maybe it isn't even
configurable, and it just blocks all packets from outside the subnet
the machine is on.  As long as the person can change it, wouldn't
either choice be better than no firewall?   (if the net continues
to be become more hostile)

[I'm just tossing out a few ideas for consideration, I don't know
enough to have an opinion on this one ...  I'll shut-up now  :-) ]

-- 
Garance Alistair Drosehn            =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p0510122db87e8ebcf603>