Date: Tue, 22 Jul 2003 17:30:56 +0200 From: Sheldon Hearn <sheldonh@starjuice.net> To: David O'Brien <obrien@FreeBSD.org> Cc: freebsd-arch@FreeBSD.org Subject: Re: Things to remove from /rescue Message-ID: <20030722153056.GM863@starjuice.net> In-Reply-To: <20030722151138.GB72888@dragon.nuxi.com> References: <20030719171138.GA86442@dragon.nuxi.com> <XFMail.20030721151553.jhb@FreeBSD.org> <20030721202314.GC21068@dragon.nuxi.com> <xzpn0f76i69.fsf@dwp.des.no> <20030722151138.GB72888@dragon.nuxi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On (2003/07/22 08:11), David O'Brien wrote: > > ipfw -q flush > > ipfw add pass ip from any to any via lo0 > > ipfw add check-state > > ipfw add pass udp from me to any domain,ntp out keep-state > > You need to run NTP to rescue your FUBAR'ed /lib??? I don't understand why you chopped off the significant rule: > > ipfw add pass tcp from me to any out setup keep-state So let me restate DES case without examples. It may be that someone wishing to recover a hosed box will both a) want access to some network-hosted resource, and b) want to maintain network security while accessing that resource. I don't see this as an unreasonable requirement, and I can't see what great cost it incurs that would motivate us to remove support for it. And remember, this is just one aspect of your "trimming down /rescue". Nobody's insisting that we keep the bath water. :-) Ciao, Sheldon.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030722153056.GM863>