Date: Tue, 5 Jun 2001 00:30:02 -0700 (PDT)
From: Bill Fumerola <billf@mu.org>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/27887: ipfw 'backup' option proposal
Message-ID: <200106050730.f557U2119260@freefall.freebsd.org>

The following reply was made to PR bin/27887; it has been noted by GNATS.

From: Bill Fumerola <billf@mu.org>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Re: bin/27887: ipfw 'backup' option proposal
Date: Tue, 5 Jun 2001 02:26:19 -0500

On Tue, Jun 05, 2001 at 10:45:23AM +0400, avn@any.ru wrote:

> >Description:
> Usage of ipfw on remote systems is often dangerous, and handbook
> explicitly warns about this. IMO it can be useful to have a 'backup'
> option to ipfw, which would restore previous ruleset in case that
> user locked himself out. It saves the ruleset, performs requested
> changes to ipfw and asks a user if he is still on-line. In case of
> disconnection, timeout of 15 seconds, or signal delivery, it restores
> previous ruleset. As for now, AFAIK, there is no interface to introduce
> dynamic rules directly, so it restores only static ruleset, and does
> not restore pipes too. But, it should be enough in most cases to
> allow user get back again.

potential committers: don't commit this. I have a much more generic
(atomic changing of rulesets, recursive inclusion of rulesets)
implementation that I might finish one of these days...

in any case, doing this in ipfw(8) doesn't even seem like the right place
to pull this off..

--
Bill Fumerola - security yahoo / Yahoo! inc.
              - fumerola@yahoo-inc.com / billf@FreeBSD.org
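
The save / apply / confirm / restore sequence from the quoted proposal, sketched as a wrapper script outside ipfw(8). This is an added example, not the PR's patch or code from either poster; the function names, the IPFW and TIMEOUT variables and the watchdog-with-flag-file design are assumptions, and like the proposal it covers only the static ruleset (no dynamic rules, no pipes).

```sh
#!/bin/sh
# Added example, not the PR's patch. IPFW, TIMEOUT and the function names are
# assumptions; the default TIMEOUT is the 15 seconds from the proposal.
IPFW=${IPFW:-ipfw}
TIMEOUT=${TIMEOUT:-15}

# Save the static ruleset as "add ..." lines that ipfw can read back from a file.
# Rule 65535 is the built-in default rule and cannot be re-added, so drop it.
save_rules() {
    $IPFW list | sed -e '/^65535 /d' -e 's/^/add /' > "$1"
}

# Replace the running static ruleset with a saved one; -q keeps ipfw silent.
restore_rules() {
    $IPFW -q flush && $IPFW -q "$1"
}

# Usage: guarded_apply command [args...]
# Returns 0 if the change was confirmed, 1 if the old ruleset was restored.
guarded_apply() {
    backup=$(mktemp /tmp/ipfw-backup.XXXXXX) || return 1
    pending=$backup.pending
    save_rules "$backup" || return 1
    : > "$pending"
    # Watchdog: ignores hangup, so it still fires after a disconnect or after
    # the parent shell is killed. Whoever removes $pending first wins.
    (
        trap '' HUP
        sleep "$TIMEOUT"
        if rm "$pending" 2>/dev/null; then
            restore_rules "$backup"
        fi
    ) &
    watchdog=$!
    "$@"                       # the requested ruleset change
    printf 'Still on-line? Type "yes" within %s seconds: ' "$TIMEOUT"
    read answer || answer=     # EOF here means the session is gone
    # rm fails if the watchdog already rolled back: a late "yes" is rejected.
    if [ "$answer" = yes ] && rm "$pending" 2>/dev/null; then
        rm -f "$backup"
        return 0
    fi
    wait "$watchdog"           # let the rollback finish before reporting it
    rm -f "$backup"
    return 1
}

# Stand-alone use: sh thisfile.sh <command that changes the ruleset>
[ "$#" -eq 0 ] || guarded_apply "$@"
```

The rollback runs in a separate process started before the change is applied, so it does not depend on the prompt ever being answered.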