From owner-freebsd-arch@FreeBSD.ORG  Tue Jul 22 08:31:06 2003
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 1FA0337B401; Tue, 22 Jul 2003 08:31:06 -0700 (PDT)
Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za
	[196.31.7.201])	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 4315E43F85; Tue, 22 Jul 2003 08:31:04 -0700 (PDT)
	(envelope-from sheldonh@starjuice.net)
Received: from sheldonh by axl.seasidesoftware.co.za with local (Exim 4.20)
	id 19ez6P-0001vh-8R; Tue, 22 Jul 2003 17:30:57 +0200
Date: Tue, 22 Jul 2003 17:30:56 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
To: David O'Brien <obrien@FreeBSD.org>
Message-ID: <20030722153056.GM863@starjuice.net>
Mail-Followup-To: David O'Brien <obrien@FreeBSD.org>,
	Dag-Erling Sm?rgrav <des@des.no>, John Baldwin <jhb@FreeBSD.org>,
	freebsd-arch@FreeBSD.org
References: <20030719171138.GA86442@dragon.nuxi.com>
	<XFMail.20030721151553.jhb@FreeBSD.org>
	<20030721202314.GC21068@dragon.nuxi.com> <xzpn0f76i69.fsf@dwp.des.no>
	<20030722151138.GB72888@dragon.nuxi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030722151138.GB72888@dragon.nuxi.com>
User-Agent: Mutt/1.5.4i
Sender: Sheldon Hearn <sheldonh@starjuice.net>
cc: Dag-Erling Sm?rgrav <des@des.no>
cc: John Baldwin <jhb@FreeBSD.org>
cc: freebsd-arch@FreeBSD.org
Subject: Re: Things to remove from /rescue
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussion related to FreeBSD architecture
	<freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Jul 2003 15:31:06 -0000

On (2003/07/22 08:11), David O'Brien wrote:

> > ipfw -q flush
> > ipfw add pass ip from any to any via lo0
> > ipfw add check-state
> > ipfw add pass udp from me to any domain,ntp out keep-state
> 
> You need to run NTP to rescue your FUBAR'ed /lib???

I don't understand why you chopped off the significant rule:

> > ipfw add pass tcp from me to any out setup keep-state

So let me restate DES case without examples.

It may be that someone wishing to recover a hosed box will both

a) want access to some network-hosted resource, and
b) want to maintain network security while accessing that resource.

I don't see this as an unreasonable requirement, and I can't see what
great cost it incurs that would motivate us to remove support for it.

And remember, this is just one aspect of your "trimming down /rescue".
Nobody's insisting that we keep the bath water. :-)

Ciao,
Sheldon.