Date:      Tue, 22 Jul 2003 17:30:56 +0200
From:      Sheldon Hearn <sheldonh@starjuice.net>
To:        David O'Brien <obrien@FreeBSD.org>
Cc:        freebsd-arch@FreeBSD.org
Subject:   Re: Things to remove from /rescue
Message-ID:  <20030722153056.GM863@starjuice.net>
In-Reply-To: <20030722151138.GB72888@dragon.nuxi.com>
References:  <20030719171138.GA86442@dragon.nuxi.com> <XFMail.20030721151553.jhb@FreeBSD.org> <20030721202314.GC21068@dragon.nuxi.com> <xzpn0f76i69.fsf@dwp.des.no> <20030722151138.GB72888@dragon.nuxi.com>

On (2003/07/22 08:11), David O'Brien wrote:

> > ipfw -q flush
> > ipfw add pass ip from any to any via lo0
> > ipfw add check-state
> > ipfw add pass udp from me to any domain,ntp out keep-state
> 
> You need to run NTP to rescue your FUBAR'ed /lib???

I don't understand why you chopped off the significant rule:

> > ipfw add pass tcp from me to any out setup keep-state

So let me restate DES's case without examples.

It may be that someone wishing to recover a hosed box will both

a) want access to some network-hosted resource, and
b) want to maintain network security while accessing that resource.

I don't see this as an unreasonable requirement, and I can't see what
great cost it incurs that would motivate us to remove support for it.

And remember, this is just one aspect of your "trimming down /rescue".
Nobody's insisting that we keep the bath water. :-)

Ciao,
Sheldon.


