Date: Wed, 14 Mar 2001 08:45:00 -0800 (PST) From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> To: meshko@cs.brandeis.edu (Mikhail Kruk) Cc: cjclark@alum.mit.edu, alan@batie.org (Alan Batie), security@FreeBSD.ORG Subject: Re: ipfw rule -1? Message-ID: <200103141645.IAA47445@gndrsh.dnsmgr.net> In-Reply-To: <Pine.LNX.4.30.0103141109190.2204-100000@orestes.cs.brandeis.edu> from Mikhail Kruk at "Mar 14, 2001 11:12:29 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> > > Rule -1 is given for any packet dropped, but not dropped due to a user > > > rule or the default rule. A quick look at the souce indicates the > > > above pseudo-rule and some other fragment issues (bogusfrag) are the > > > only such situations. > > > > > > OK, I've answered this one enough times now. Should I send in a PR > > > with patch to the manpage or is this for the FAQ? > > > > Patch the manpage, and the FAQ. Specifically mention the rule number -1 > > as being a builtin unalterable set of rules, and describe exactly what those > > rules are. > > Looks like a docs thread, not a security, but I'll stick my 2 cents... > I don't think that something that is in a man page and can be easily found > in it without even reading the whole thing (search for -1?) belongs to the > FAQ. FAQ is for problems which are not easily solved using man because > it's unclear where to look for the answer, IMHO. > I vote for man page only. 90% of what is in the FAQ can be found in man pages. If we apply your reasoning to the FAQ we could reduce it to 1/10th it's current size :-) -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103141645.IAA47445>