From owner-freebsd-current Mon Feb 26 15:58:03 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id PAA28477 for current-outgoing; Mon, 26 Feb 1996 15:58:03 -0800 (PST) Received: from rocky.sri.MT.net (rocky.sri.MT.net [204.182.243.10]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id PAA28453 Mon, 26 Feb 1996 15:57:58 -0800 (PST) Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12) id RAA01738; Mon, 26 Feb 1996 17:00:33 -0700 Date: Mon, 26 Feb 1996 17:00:33 -0700 From: Nate Williams Message-Id: <199602270000.RAA01738@rocky.sri.MT.net> To: "Rodney W. Grimes" Cc: nate@sri.MT.net (Nate Williams), stable@freebsd.org, current@freebsd.org Subject: Re: -stable hangs at boot (fwd) In-Reply-To: <199602262355.PAA15114@GndRsh.aac.dev.com> References: <199602262204.PAA01109@rocky.sri.MT.net> <199602262355.PAA15114@GndRsh.aac.dev.com> Sender: owner-current@freebsd.org Precedence: bulk Rodney W. Grimes writes: > > > > It's not punching any hole in the code. *ALL* of the firewall products > > > > I've used (not extensive by any means) are open by default and require > > > > the user to explicitly close them. If a user mis-configures the > > > > firewall it's their problem in all of the other products, why is it now > > > > FreeBSD's problem to make the users 'smarter'? > > > > > > I've never seen a firewall product that is open by default. That is an > > > oxymoron. > > > > A firewall is *always* open by default. You determine what it is to > > firewall against. All of them haven't told me how to make policy, or > > force me to 'revert' behavior. Firewalls don't make policy, they > > enforce policy. > > It is not a firewall if it is always open, it is just a plain old router :-) It's not a configured firewall if it's wide open. ;) Let me re-phrase. All of the firewall products I've used are configured 'wide-open' by default. Now, if you leave it that way you don't have much of a firewall, but that's a configuration problem. Nate