Date: Mon, 28 Jan 2002 07:44:27 -0600 From: "Jacques A. Vidrine" <n@nectar.cc> To: "Patrick M. Hausen" <hausen@punkt.de> Cc: security-officer@FreeBSD.ORG, stable@FreeBSD.ORG Subject: Re: Firewall config non-intuitiveness Message-ID: <20020128134427.GF33952@madman.nectar.cc> In-Reply-To: <200201280751.g0S7p5414157@hugo10.ka.punkt.de> References: <20020127.120138.07163985.imp@village.org> <200201280751.g0S7p5414157@hugo10.ka.punkt.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 28, 2002 at 08:51:05AM +0100, Patrick M. Hausen wrote: > Wouldn't we get rid of this entire argument, if IPFIREWALL_DEFAULT_TO_ACCEPT > was the default for the kernel part of ipfw and there was an option > IPFIREWALL_DEFAULT_TO_DENY for anyone preferring the "old" behaviour? This will not happen. Default-to-accept is unsafe. -- Jacques A. Vidrine <n@nectar.cc> http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020128134427.GF33952>