Date: Fri, 17 Dec 2010 21:10:12 GMT From: Eugene Grosbein <eugen@grosbein.pp.ru> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start" Message-ID: <201012172110.oBHLACJ7019429@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/153252; it has been noted by GNATS. From: Eugene Grosbein <eugen@grosbein.pp.ru> To: bug-followup@freebsd.org Cc: AlexJ@freebsd.forum Subject: Re: bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start" Date: Sat, 18 Dec 2010 02:38:45 +0600 1. > # check if firewall already running to prevent subsequent start calls One should not unconditionally disable ability of reloading ipfw rules using "/etc/rc.d/ipfw start" command. For example, it's used extensively in my systems and does not lead to "lock-down". One should learn ipfw(8) manual page including CHECKLIST paragraph and make oneself familiar with proper ways of reloading ipfw over network. 2. Nice catch. However, that's only one of reasons why it is very bad habit to have "./" in PATH. 3. Please use "diff -u" to make unified diffs, they are much easier to read. Eugene Grosbein
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201012172110.oBHLACJ7019429>