Date: Sun, 9 Dec 2018 10:29:26 -0800 From: Michael Sierchio <kudzu@tenebras.com> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: Change IPFW default to allow Message-ID: <CAHu1Y72L4yrgz_v5qS_vwdu3z1AeLaqHyM7NWOkrkJyNZODNDg@mail.gmail.com> In-Reply-To: <5C0D5BAB.5040404@gmail.com> References: <5C0D594C.2060407@gmail.com> <5C0D5BAB.5040404@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Dec 9, 2018 at 10:17 AM JD <jd1008@gmail.com> wrote: > What a horrible (terribly insecure) suggestion for default operation of > IPFW. Default to accept merely means that the default rule - rule 65535 - permits all traffic. It is useful when booting and getting all other services operational. Loading a firewall ruleset changes that entirely. Imagine a situation in which your cloud instance tries to get a DHCP address and routing information, only to fail because no packets can go in or out. You haven't done this before, have you? --=20 "Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent person requires only two thousand five hundred." - The Mah=C4=81bh=C4=81rata
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHu1Y72L4yrgz_v5qS_vwdu3z1AeLaqHyM7NWOkrkJyNZODNDg>