Date: Tue, 22 Jul 2003 08:11:38 -0700
From: "David O'Brien"
To: Dag-Erling Smørgrav
Cc: John Baldwin
Cc: freebsd-arch@FreeBSD.org
Subject: Re: Things to remove from /rescue
Message-ID: <20030722151138.GB72888@dragon.nuxi.com>
References: <20030719171138.GA86442@dragon.nuxi.com> <20030721202314.GC21068@dragon.nuxi.com>

On Tue, Jul 22, 2003 at 11:10:22AM +0200, Dag-Erling Smørgrav wrote:
> "David O'Brien" writes:
> > If I did need to get to the Internet to get bits, what does ipfw do
> > for me that "sysctl net.inet.ip.fw.enable=0" doesn't?
>
> ipfw -q flush
> ipfw add pass ip from any to any via lo0
> ipfw add check-state
> ipfw add pass udp from me to any domain,ntp out keep-state

You need to run NTP to rescue your FUBAR'ed /lib???

If you're this worried about someone breaking into you when you've got
*zero* services running, use a 2nd machine to get those magical bits from
the Internet that will fix your FUBAR'ed /lib.

--
-- David (obrien@FreeBSD.org)