Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 28 Jan 2002 12:45:57 -0800
From:      "Robert L Sowders" <rsowders@usgs.gov>
To:        art@pilikia.net
Cc:        "Erik Trulsson" <ertr1013@student.uu.se>, freebsd-stable@freebsd.org, owner-freebsd-stable@FreeBSD.ORG
Subject:   Re: Firewall config non-intuitiveness
Message-ID:  <OF718102BB.874211A1-ON88256B4F.0071FAAB@wr.usgs.gov>
next in thread | raw e-mail | index | archive | help 
You have obviously missed the beginning of this thread, check google to 
come up to speed





"Arthur W. Neilson III" <art@pilikia.net>
Sent by: owner-freebsd-stable@FreeBSD.ORG
01/28/2002 12:36 PM
Please respond to art

 
        To:     "Erik Trulsson" <ertr1013@student.uu.se>
        cc:     freebsd-stable@freebsd.org
        Subject:        Re: Firewall config non-intuitiveness

Right on.  I want my firewalls to protect by default, no dufus admin
typo can accidently expose us to intrusion.  Most security doctrines
adhere to the tenet of denying by default and allowing as needed 
instead of vice versa.  To allow by default is asking for trouble. 

On 1/28/02 at 8:29 PM Erik Trulsson wrote:
>
>So, while I agree the the current situation might not be quite as
>intuitive as it might be changing the behaviour of firewall_enable="NO"
>to actually disabling the firewall is, IMO, *not* the right way to fix
>this. 
>(If the admin went to the trouble of adding IPFIREWALL to the kernel,
>the default behaviour should be to not disable it.)

--
    __
   /  )    _/_  It is a capital mistake to theorise before one has data.
  /--/ __  /    Insensibly one begins to twist facts to suit theories,
 /  (_/ (_<__   Instead of theories to suit facts.
                     -- Sherlock Holmes, "A Scandal in Bohemia"
 Arthur W. Neilson III, WH7N - FISTS #7448
 Bank of Hawaii Network Services
 http://www.pilikia.net
 art@pilikia.net, aneilson@boh.com, wh7n@arrl.net



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OF718102BB.874211A1-ON88256B4F.0071FAAB>