Date: Fri, 3 Jan 2003 20:01:58 -0700 (MST)
From: Nick Rogness
To: Giorgos Keramidas
Cc: Lucky Green
Subject: Re: IPFW: suicidal defaults
Sender: owner-freebsd-doc@FreeBSD.ORG

On Fri, 3 Jan 2003, Giorgos Keramidas wrote:

> On 2003-01-02 11:41, Nick Rogness wrote:
> > On Thu, 2 Jan 2003, Lucky Green wrote:
> > >
> > > 1) at least mention this danger *prominently* in the FreeBSD Handbook.
> >
> > Agreed. There should be a mention. However, someone has to write
> > it. Instead of bitchin about it, go ahead and submit a change
> > (bug report).
>
> Oh but it is documented. The sample configuration that one can find
> at /usr/src/sys/i386/conf/LINT includes a comment:
>
> # WARNING: IPFIREWALL defaults to a policy of "deny ip from any to any"
> # and if you do not add other rules during startup to allow access,
> # YOU WILL LOCK YOURSELF OUT. It is suggested that you set firewall_type=open
> # in /etc/rc.conf when first enabling this feature, then refining the
> # firewall rules in /etc/rc.firewall after you've tested that the new kernel
> # feature works properly.
>
> Ignoring this is not a fault of the documentation :(

You are right. The documentation is there. However, finding this is
not easy for a beginner. It wouldn't hurt to mention it in ipfw(8) and
the handbook. But that takes work and is redundant :-)

Nick Rogness
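
The lockout that the quoted LINT comment warns about can be checked for before rebooting into an IPFIREWALL kernel. The script below is an added example, not part of this thread or of FreeBSD: `rc_value` and `lockout_check` are hypothetical helper names, the sample file is constructed, and it assumes `firewall_enable` is the rc.conf switch that makes the startup scripts load any rules at all.

```sh
#!/bin/sh
# Added example (not from the thread): pre-reboot check of an rc.conf-style
# file against the default-deny policy of an IPFIREWALL kernel.

# rc_value FILE VAR: print the last value assigned to VAR, lower-cased.
# The file is parsed with sed rather than sourced, so nothing in it is executed.
# Optional quotes and trailing comments are stripped; commented-out lines are ignored.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1 | tr '[:upper:]' '[:lower:]'
}

# lockout_check FILE: print a one-word verdict; return 0 only for "open".
lockout_check() {
    fw_enable=$(rc_value "$1" firewall_enable)
    fw_type=$(rc_value "$1" firewall_type)
    if [ "$fw_enable" != "yes" ]; then
        # Assumption: without firewall_enable=YES the rc scripts load no rules,
        # leaving only the kernel's "deny ip from any to any".
        echo "no-rules"; return 1
    fi
    case "$fw_type" in
        open) echo "open"; return 0 ;;        # the setting the LINT comment suggests
        "")   echo "type-unset"; return 1 ;;  # no ruleset chosen
        *)    echo "review"; return 2 ;;      # custom type or rules file: read it first
    esac
}

# Constructed sample: firewall enabled, but the "open" line is still commented out.
demo_rc=$(mktemp)
cat > "$demo_rc" <<'EOF'
firewall_enable="YES"
#firewall_type="open"
EOF
echo "sample rc.conf verdict: $(lockout_check "$demo_rc")"
rm -f "$demo_rc"
```

A non-zero return is meant to stop a remote upgrade script before the reboot; "review" only says the ruleset is not the open one and has to be read by a person.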