Date: Mon, 26 Oct 1998 22:41:46 -0800 From: "Jan B. Koum " <jkb@best.com> To: freebsd-net@FreeBSD.ORG Subject: tcp resets with ipfw Message-ID: <19981026224146.A9124@best.com>
next in thread | raw e-mail | index | archive | help
Hello, It will really be sad when someday someone with root access to FreeBSD box does (either accidently or on purpose): # ipfw add 1 reset tcp from any to any While one might argue this is equivalent to doing "rm -rf /*", many people alias rm to rm -i. Would it make sence to have ipfw code check to make sure people don't take down the network by making a typo or some such? If so, how would we do that? I like the way Cisco routers do: This may severely impact network performance. Continue? [confirm] But ipfw has to be non interactive (sh /etc/rc.firewall). On the other hand, maybe when someone is about to take down their network it would make sence to be interactive to make sure they know what they are doing? I guess this is going all the way back to "Unix lets you do stupid things - else it wouldn't let you do smart things" or some such saying. -- Yan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981026224146.A9124>