From owner-svn-src-head@freebsd.org Mon Jun 6 17:06:34 2016 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1D145B6D804 for ; Mon, 6 Jun 2016 17:06:34 +0000 (UTC) (envelope-from mailing-machine@vniz.net) Received: from mail-lf0-f44.google.com (mail-lf0-f44.google.com [209.85.215.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A2DBC1BEC for ; Mon, 6 Jun 2016 17:06:33 +0000 (UTC) (envelope-from mailing-machine@vniz.net) Received: by mail-lf0-f44.google.com with SMTP id b73so98756859lfb.3 for ; Mon, 06 Jun 2016 10:06:33 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=aiThh3IgYt7zw8DRHreJ8b24E4ujvzOHfcvlHRYkNlk=; b=mbmWSV6RtlzI7X7DcwvaSR2MBNgUDIWU8O1Ad4qsLCT4vQkjUURO/uFkSRBbOrxfk4 fCJNNCa0nsNOG+Rv9Ct0B98V7M5Iem1UX9J84XdARfNearOygSkYW6+KQawe4gfjonJ4 6Wm5ZlRSUvI045QElovylTCRqn8islwGHePn1txkZ7mbsyYkhxNn8iCqZHI5L/tj77di Jyr6qwXpoxLxSIrPHPxCPzAi4431LJ5eMf1a++dVIfuGI6wqXBxvmRuRcnkk/Dkz2JvD C2br2/YkfOw8EyACw1uMRvEUJfx5HIWJHevh4PWm/4HNb/lQLUEwZymtBkJixrnRV3Ns wa+w== X-Gm-Message-State: ALyK8tLN+es6wH6mjsTCk25YKTvufcD1BJV3eIZaqceAm5CSgcnzx7KpAIPzfGQhL2Zjfg== X-Received: by 10.25.206.147 with SMTP id e141mr1346769lfg.138.1465232791472; Mon, 06 Jun 2016 10:06:31 -0700 (PDT) Received: from [192.168.1.2] ([89.169.173.68]) by smtp.gmail.com with ESMTPSA id m8sm1969157lfe.15.2016.06.06.10.06.30 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 06 Jun 2016 10:06:30 -0700 (PDT) Subject: Re: svn commit: r301226 - in head: etc etc/defaults etc/periodic/security etc/rc.d lib lib/libblacklist libexec libexec/blacklistd-helper share/mk tools/build/mk usr.sbin usr.sbin/blacklistctl usr.sbin... To: Ian Lepore , lidl@FreeBSD.org, Matteo Riondato References: <201606021906.u52J649H019481@repo.freebsd.org> <90df7c5b-7680-3de0-68ba-ab9bd1c9d73e@FreeBSD.org> <1465232404.1188.5.camel@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org From: Andrey Chernov Message-ID: <9aafd3b8-ebe2-5ac8-e91b-31ffed34eff1@freebsd.org> Date: Mon, 6 Jun 2016 20:06:30 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: <1465232404.1188.5.camel@freebsd.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jun 2016 17:06:34 -0000 On 06.06.2016 20:00, Ian Lepore wrote: > Probably everyone assumed (like I did) that it would be disabled by > default, and didn't notice that wasn't the case. Your response > indicates the problem with "default enabled"... you mention enabling > packet filtering in pf.conf, my response is: WTF is pf.conf and why > are you assuming I do any kind of packet filtering? > > I have literally dozens of systems here running freebsd, only one of > them runs ipfw, and most of them are systems with small memory and > wimpy processors, so why would I want extra do-nothing network daemons > running on them by default? As variant, I keep hope blacklist sh helper will teach about ipfw soon, it looks possible. Then it can be re-enabled by default.