Date: Mon, 28 Jan 2002 10:36:19 -1000
From: "Arthur W. Neilson III" <art@pilikia.net>
To: "Erik Trulsson" <ertr1013@student.uu.se>
Cc: freebsd-stable@freebsd.org
Subject: Re: Firewall config non-intuitiveness
Message-ID: <200201281036190800.033FD7A3@smtp>
In-Reply-To: <20020128192930.GA86720@student.uu.se>
References: <200201271757.g0RHvTF12944@midway.uchicago.edu> <1617.216.153.202.59.1012240332.squirrel@www1.27in.tv> <20020128192930.GA86720@student.uu.se>
Right on. I want my firewalls to protect by default, no dufus admin
typo can accidentally expose us to intrusion. Most security doctrines
adhere to the tenet of denying by default and allowing as needed
instead of vice versa. To allow by default is asking for trouble.

On 1/28/02 at 8:29 PM Erik Trulsson wrote:

>
>So, while I agree that the current situation might not be quite as
>intuitive as it might be, changing the behaviour of firewall_enable="NO"
>to actually disabling the firewall is, IMO, *not* the right way to fix
>this.
>(If the admin went to the trouble of adding IPFIREWALL to the kernel,
>the default behaviour should be to not disable it.)

--
     __
    /  )      _/_   It is a capital mistake to theorise before one has data.
   /--/ __    /     Insensibly one begins to twist facts to suit theories,
  /  (_/ (_<__      Instead of theories to suit facts.
                    -- Sherlock Holmes, "A Scandal in Bohemia"

Arthur W. Neilson III, WH7N - FISTS #7448
Bank of Hawaii Network Services
http://www.pilikia.net
art@pilikia.net, aneilson@boh.com, wh7n@arrl.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message