From owner-freebsd-arch@FreeBSD.ORG Fri Jul 18 07:44:42 2003 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 40B0137B401; Fri, 18 Jul 2003 07:44:42 -0700 (PDT) Received: from smtp.omnis.com (smtp.omnis.com [216.239.128.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 879AE43F75; Fri, 18 Jul 2003 07:44:41 -0700 (PDT) (envelope-from wes@softweyr.com) Received: from softweyr.homeunix.net (66-91-236-204.san.rr.com [66.91.236.204]) by smtp-relay.omnis.com (Postfix) with ESMTP id A07FB5B67D; Fri, 18 Jul 2003 07:44:39 -0700 (PDT) From: Wes Peters Organization: Softweyr To: John Baldwin , John-Mark Gurney Date: Fri, 18 Jul 2003 07:44:38 -0700 User-Agent: KMail/1.5.2 References: <20030717080805.GA98878@dragon.nuxi.com> <20030717085439.GC35337@funkthat.com> <200307170902.20004.jhb@FreeBSD.org> In-Reply-To: <200307170902.20004.jhb@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200307180744.38792.wes@softweyr.com> cc: darrenr@freebsd.org cc: arch@FreeBSD.org Subject: Re: Things to remove from /rescue X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Jul 2003 14:44:42 -0000 On Thursday 17 July 2003 06:05 am, John Baldwin wrote: > On Thursday 17 July 2003 04:54 am, John-Mark Gurney wrote: > > Luigi Rizzo wrote this message on Thu, Jul 17, 2003 at 01:50 -0700: > > > On Thu, Jul 17, 2003 at 01:43:33AM -0700, John-Mark Gurney wrote: > > > > David O'Brien wrote this message on Thu, Jul 17, 2003 at 01:08 -0700: > > > > > - ipfw & natd & ipf & ipfs & ipfstat & ipmon & ipnan, why would > > > > > one needs these? /rescue is to fix a borked /, not replace > > > > > PicoBSD. > > > > > > > > ipfw I can see as useful. If you have a kernel that defaults to > > > > closed, and you need to access the network, then this is a > > > > problem. If we had > > > > > > actually, this is trivial to fix: > > > > > > sysctl net.inet.ip.fw.enable=0 > > > > I didn't know about this. :) > > > > My objection to removing it has been removed. :) I now support > > removing ipfw and friends (from /rescue). > > I believe that sysctl only affects ipfw, so people using ipfilter might > still need ipf if ipfilter defaults to block as well. It would seem advisable to add such a sysctl for ipfilter. Any objections, Darren? -- Where am I, and what am I doing in this handbasket? Wes Peters wes@softweyr.com