From owner-freebsd-security  Wed Mar 14  8:45:16 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4])
	by hub.freebsd.org (Postfix) with ESMTP id 546D437B71A
	for <security@FreeBSD.ORG>; Wed, 14 Mar 2001 08:45:12 -0800 (PST)
	(envelope-from freebsd@gndrsh.dnsmgr.net)
Received: (from freebsd@localhost)
	by gndrsh.dnsmgr.net (8.9.3/8.9.3) id IAA47445;
	Wed, 14 Mar 2001 08:45:00 -0800 (PST)
	(envelope-from freebsd)
From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
Message-Id: <200103141645.IAA47445@gndrsh.dnsmgr.net>
Subject: Re: ipfw rule -1?
In-Reply-To: <Pine.LNX.4.30.0103141109190.2204-100000@orestes.cs.brandeis.edu> from Mikhail Kruk at "Mar 14, 2001 11:12:29 am"
To: meshko@cs.brandeis.edu (Mikhail Kruk)
Date: Wed, 14 Mar 2001 08:45:00 -0800 (PST)
Cc: cjclark@alum.mit.edu, alan@batie.org (Alan Batie),
	security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > > Rule -1 is given for any packet dropped, but not dropped due to a user
> > > rule or the default rule. A quick look at the souce indicates the
> > > above pseudo-rule and some other fragment issues (bogusfrag) are the
> > > only such situations.
> > >
> > > OK, I've answered this one enough times now. Should I send in a PR
> > > with patch to the manpage or is this for the FAQ?
> >
> > Patch the manpage, and the FAQ.  Specifically mention the rule number -1
> > as being a builtin unalterable set of rules, and describe exactly what those
> > rules are.
> 
> Looks like a docs thread, not a security, but I'll stick my 2 cents...
> I don't think that something that is in a man page and can be easily found
> in it without even reading the whole thing (search for -1?) belongs to the
> FAQ. FAQ is for problems which are not easily solved using man because
> it's unclear where to look for the answer, IMHO.
> I vote for man page only.

90% of what is in the FAQ can be found in man pages.  If we apply your
reasoning to the FAQ we could reduce it to 1/10th it's current size :-)

-- 
Rod Grimes - KD7CAX @ CN85sl - (RWG25)               rgrimes@gndrsh.dnsmgr.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message