From: Eugene Grosbein
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start"
Date: Fri, 17 Dec 2010 21:10:12 GMT
Message-Id: <201012172110.oBHLACJ7019429@freefall.freebsd.org>

The following reply was made to PR bin/153252; it has been noted by GNATS.

From: Eugene Grosbein
To: bug-followup@freebsd.org
Cc: AlexJ@freebsd.forum
Subject: Re: bin/153252: [ipfw][patch] ipfw lockdown system in subsequent call of "/etc/rc.d/ipfw start"
Date: Sat, 18 Dec 2010 02:38:45 +0600

1.
> # check if firewall already running to prevent subsequent start calls

One should not unconditionally disable the ability to reload ipfw rules
using the "/etc/rc.d/ipfw start" command. For example, it's used extensively
on my systems and does not lead to "lock-down".

One should learn the ipfw(8) manual page, including the CHECKLIST paragraph,
and make oneself familiar with the proper ways of reloading ipfw over the network.

2. Nice catch. However, that's only one of the reasons why it is a very bad habit
to have "./" in PATH.

3. Please use "diff -u" to make unified diffs; they are much easier to read.

Eugene Grosbein