From owner-freebsd-current Mon Feb 26 15:57:33 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id PAA28392 for current-outgoing; Mon, 26 Feb 1996 15:57:33 -0800 (PST) Received: from GndRsh.aac.dev.com (GndRsh.aac.dev.com [198.145.92.241]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id PAA28385 Mon, 26 Feb 1996 15:57:27 -0800 (PST) Received: (from rgrimes@localhost) by GndRsh.aac.dev.com (8.6.12/8.6.12) id PAA15114; Mon, 26 Feb 1996 15:55:33 -0800 From: "Rodney W. Grimes" Message-Id: <199602262355.PAA15114@GndRsh.aac.dev.com> Subject: Re: -stable hangs at boot (fwd) To: nate@sri.MT.net (Nate Williams) Date: Mon, 26 Feb 1996 15:55:33 -0800 (PST) Cc: jgreco@brasil.moneng.mei.com, nate@sri.MT.net, phk@critter.tfs.com, stable@freebsd.org, current@freebsd.org In-Reply-To: <199602262204.PAA01109@rocky.sri.MT.net> from "Nate Williams" at Feb 26, 96 03:04:06 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-current@freebsd.org Precedence: bulk .... > > > It's not punching any hole in the code. *ALL* of the firewall products > > > I've used (not extensive by any means) are open by default and require > > > the user to explicitly close them. If a user mis-configures the > > > firewall it's their problem in all of the other products, why is it now > > > FreeBSD's problem to make the users 'smarter'? > > > > I've never seen a firewall product that is open by default. That is an > > oxymoron. > > A firewall is *always* open by default. You determine what it is to > firewall against. All of them haven't told me how to make policy, or > force me to 'revert' behavior. Firewalls don't make policy, they > enforce policy. It is not a firewall if it is always open, it is just a plain old router :-) And per the RFC's FreeBSD can not, and does not, ship with even IP forwarding turned on. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Reliable computers for FreeBSD