Date: Wed, 14 Mar 2001 11:12:29 -0500 (EST)
From: Mikhail Kruk
To: "Rodney W. Grimes"
Cc: Alan Batie
Subject: Re: ipfw rule -1?
In-Reply-To: <200103141605.IAA47316@gndrsh.dnsmgr.net>
Sender: owner-freebsd-security@FreeBSD.ORG

> > Rule -1 is given for any packet dropped, but not dropped due to a user
> > rule or the default rule. A quick look at the source indicates the
> > above pseudo-rule and some other fragment issues (bogusfrag) are the
> > only such situations.
> >
> > OK, I've answered this one enough times now. Should I send in a PR
> > with patch to the manpage or is this for the FAQ?
>
> Patch the manpage, and the FAQ. Specifically mention the rule number -1
> as being a builtin unalterable set of rules, and describe exactly what those
> rules are.

Looks like a docs thread, not a security, but I'll stick my 2 cents...
I don't think that something that is in a man page and can be easily found
in it without even reading the whole thing (search for -1?) belongs to the
FAQ. FAQ is for problems which are not easily solved using man because
it's unclear where to look for the answer, IMHO.
I vote for man page only.

> Thanks,
> --
> Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net