From owner-freebsd-hackers Tue Sep 22 17:06:28 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA05590 for freebsd-hackers-outgoing; Tue, 22 Sep 1998 17:06:28 -0700 (PDT) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from indigo.ie (ts04-065.dublin.indigo.ie [194.125.148.195]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA05492 for ; Tue, 22 Sep 1998 17:06:07 -0700 (PDT) (envelope-from rotel@indigo.ie) Received: (from nsmart@localhost) by indigo.ie (8.8.8/8.8.7) id AAA01658; Wed, 23 Sep 1998 00:49:35 +0100 (IST) (envelope-from rotel@ginseng.indigo.ie) From: Niall Smart Message-Id: <199809222349.AAA01658@indigo.ie> Date: Wed, 23 Sep 1998 00:49:34 +0000 In-Reply-To: <199809211827.OAA09675@Loki.orland.u91.k12.me.us>; Drew Baxter Reply-To: rotel@indigo.ie X-Files: The truth is out there X-Mailer: Mail User's Shell (7.2.6 beta(3) 11/17/96) To: Drew Baxter , FreeBSD Hackers Subject: Re: Packet/traffic shapper ? Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sep 21, 2:07pm, Drew Baxter wrote: } Subject: Re: Packet/traffic shapper ? > > But *that* is a user problem... I don't want to 'default accept all' in my > kernel either.. or IPFW_DEFAULT_TO_ACCEPT or whatever option it is.. But > hey, I can only allow certain ports and things like that, which makes it > rather flexible. Personally I don't think IPFW_DEFAULT_TO_ACCEPT is a bad idea, once you are sure you have the accept rules necessary to ensure your connectivity to the host you can pop in a deny all rule. This will probably be slower than defaulting to deny though. Niall -- Niall Smart, rotel@indigo.ie. Amaze your friends and annoy your enemies: echo '#define if(x) if (!(x))' >> /usr/include/stdio.h To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message