From owner-freebsd-net  Tue Oct 27 02:11:21 1998
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA03020
          for freebsd-net-outgoing; Tue, 27 Oct 1998 02:11:21 -0800 (PST)
          (envelope-from owner-freebsd-net@FreeBSD.ORG)
Received: from big-gw.tellique.de (big-gw.tellique.de [195.126.133.179])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA03007
          for <freebsd-net@freebsd.org>; Tue, 27 Oct 1998 02:11:18 -0800 (PST)
          (envelope-from ni@tellique.de)
Received: from tellique.de (nolde.tellique.de [62.144.106.52])
	by big-gw.tellique.de (8.8.8/8.8.8) with ESMTP id LAA08383;
	Tue, 27 Oct 1998 11:10:35 +0100 (MET)
Message-ID: <36359C1B.7EF1FEA2@tellique.de>
Date: Tue, 27 Oct 1998 11:10:35 +0100
From: Juergen Nickelsen <ni@tellique.de>
Organization: Tellique Kommunikationstechnik GmbH
X-Mailer: Mozilla 4.07 [en] (WinNT; U)
MIME-Version: 1.0
To: "Jan B. Koum" <jkb@best.com>
CC: FreeBSD Networking <freebsd-net@FreeBSD.ORG>
Subject: Re: tcp resets with ipfw
References: <19981026224146.A9124@best.com> <199810270608.HAA03617@labinfo.iet.unipi.it> <19981027002354.A21396@best.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > > # ipfw add 1 reset tcp from any to any
> > >
> > >     While one might argue this is equivalent to doing "rm -rf /*",
> > >     many people alias rm to rm -i.
[...]
> > The problem exists for far too many commands including
> >
> >       ifconfig XXX delete
[...]
> Plus, your example takes down a system. Mine takes down the whole
> network. Imagine a hub at an ISP Colo and someone does that. *Poof*

Both commands do not take down the system (as it is still possible to
log in at the console), and both take down the outside connection of a
network if the network routes through this machine.

I agree with Luigi; whoever puts his or her fingers on ipfw and ifconfig
should know or be willing to learn what mistakes with these commands can
do to a system. Taking a system or network down is, luckily, in most
cases reversible.

BTW, aliasing "rm" to "rm -i" is a very bad idea. Sweat on your palms
when doing a "rm -rf" as root is good for remembering possible
consequences. If you rely on "rm" being "rm -i", you may tend to do so
even when the alias is not in place. Removing Files on a Unix file
system is not reversible.

Greetings, Juergen.

-- 
Juergen Nickelsen <ni@tellique.de>
Tellique Kommunikationstechnik GmbH
Gustav-Meyer-Allee 25, 13355 Berlin, Germany
Tel. +49 30 46307-552 / Fax +49 30 46307-579

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message