Date: Wed, 26 Dec 2001 10:16:49 -0800
From: "Crist J . Clark"
To: Igor M Podlesny
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: /etc/rc.firewall and /sys/netinet/ip_input.c are doing the same thing
Message-ID: <20011226101649.A2090@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <107466819110.20011224191009@morning.ru> <20011225151328.A136@gohan.cjclark.org> <18957829724.20011226144634@morning.ru>
In-Reply-To: <18957829724.20011226144634@morning.ru>; from poige@morning.ru on Wed, Dec 26, 2001 at 02:46:34PM +0700

On Wed, Dec 26, 2001 at 02:46:34PM +0700, Igor M Podlesny wrote:
>
> > On Mon, Dec 24, 2001 at 07:10:09PM +0700, Igor M Podlesny wrote:
> >>
> >> well, not all the same, but partly. Take a look:
>
> > Yes. We know.
>
> Well. It doesn't surprise me.
>
> P.S. Is it a `feature'? ;)
>
> P.P.S. Talking seriously (as much as possible ;), which reasons don't
> let removing of 3 lines from rc.firewall?

The reason not to remove them is to avoid the steady stream of emails
to -questions, -security, -ipfw, and -net from people unaware of the
built-in protection from loopback addresses informing us that we
should have rules like that by default.

The rules don't hurt anything (just _try_ to measure a performance
impact), but you should of course feel free to not include them in
your own firewall scripts.
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
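
The overlap this thread discusses, as an added example that is not part of the original message or the FreeBSD source: a small C model of the inbound path only, comparing a stack-level check that drops 127/8 traffic arriving on a non-loopback interface with three loopback rules of the kind rc.firewall carries. The rule wording in the comment, the struct, the function names and the sample packets are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed packet model: host-order IPv4 addresses plus receive-interface type. */
struct pkt { uint32_t src, dst; bool rcvif_is_loopback; };

static bool in_loopback_net(uint32_t a) { return (a >> 24) == 127; }

/* Model of the built-in input check: 127/8 must not appear on the wire,
 * so such a packet is accepted only if it arrived on a loopback interface. */
static bool stack_accepts(const struct pkt *p)
{
    if (in_loopback_net(p->src) || in_loopback_net(p->dst))
        return p->rcvif_is_loopback;
    return true;
}

/* Model of the three firewall rules (assumed form, first match wins):
 *   pass all from any to any via lo0
 *   deny all from any to 127.0.0.0/8
 *   deny ip  from 127.0.0.0/8 to any
 * Returns true if the packet survives them. */
static bool rules_accept(const struct pkt *p)
{
    if (p->rcvif_is_loopback) return true;
    if (in_loopback_net(p->dst)) return false;
    if (in_loopback_net(p->src)) return false;
    return true;
}

/* Count packets the rules drop that the stack check alone would have accepted. */
static int rules_add_protection(const struct pkt *v, int n)
{
    int extra = 0;
    for (int i = 0; i < n; i++)
        if (stack_accepts(&v[i]) && !rules_accept(&v[i]))
            extra++;
    return extra;
}

#define IP4(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))
static const struct pkt samples[] = {            /* constructed inputs */
    { IP4(127,0,0,1),  IP4(127,0,0,1),  true  }, /* normal local traffic on lo0 */
    { IP4(127,0,0,1),  IP4(192,0,2,10), false }, /* loopback source seen on the wire */
    { IP4(192,0,2,99), IP4(127,0,0,1),  false }, /* loopback destination seen on the wire */
    { IP4(192,0,2,99), IP4(192,0,2,10), false }, /* ordinary traffic */
};
#define NSAMPLES ((int)(sizeof samples / sizeof samples[0]))

int main(void)
{
    printf("packets dropped only by the rules: %d\n", rules_add_protection(samples, NSAMPLES));
    return 0;
}
```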