Date: Thu, 31 Jan 2002 01:48:14 -0600
From: "Mike Meyer" <mwm-dated-1012895294.8467e5@mired.org>
To: Garance A Drosihn <drosih@rpi.edu>
Cc: "Jacques A. Vidrine" <n@nectar.cc>, freebsd-stable@FreeBSD.ORG
Subject: Dangerous before networking is turned on (Was: Proposed Solution To Recent "firewall_enable" Thread.)
Message-ID: <15448.63166.62604.785099@guru.mired.org>
In-Reply-To: <p0510122bb87e879d4ad3@[128.113.24.47]>
References: <JI75GAYSTRA5PJZYUKGON75TOB88.3c586114@VicNBob> <200201310042.g0V0g3255325@apollo.backplane.com> <20020130202356.A47852@hellblazer.nectar.cc> <p05101226b87e6b0f9966@[128.113.24.47]> <20020130225454.A48040@hellblazer.nectar.cc> <p0510122ab87e828d1b16@[128.113.24.47]> <p0510122bb87e879d4ad3@[128.113.24.47]>
Garance A Drosihn <drosih@rpi.edu> types:
> At 12:28 AM -0500 1/31/02, Garance A Drosihn wrote:
> Why should only Joe Experienced User be getting the benefit of
> booting up with the firewall active?  Now, I am *definitely* not
> suggesting this for -stable, but why don't we have the default
> GENERIC kernel include the firewall support?  Why should anyone
> *have* to compile a kernel to get this full-time protection?
> ("fulltime" meaning "firewall active for the entire boot sequence").
What's the danger in not having a firewall if you haven't turned any
of the network interfaces on? Granted, we don't do that now for ipfw
firewalls, but that could be fixed.

For that matter, the firewall is turned on before any network services
are started, so there shouldn't be a serious problem, barring things
like the old ping-of-death.
	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
