Date: Thu, 17 Jul 2003 01:50:52 -0700 From: Luigi Rizzo <rizzo@icir.org> To: freebsd-arch@freebsd.org Subject: Re: Things to remove from /rescue Message-ID: <20030717015052.B46015@xorpc.icir.org> In-Reply-To: <20030717084333.GB35337@funkthat.com>; from gurney_j@efn.org on Thu, Jul 17, 2003 at 01:43:33AM -0700 References: <20030717080805.GA98878@dragon.nuxi.com> <20030717084333.GB35337@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jul 17, 2003 at 01:43:33AM -0700, John-Mark Gurney wrote: > David O'Brien wrote this message on Thu, Jul 17, 2003 at 01:08 -0700: > > - ipfw & natd & ipf & ipfs & ipfstat & ipmon & ipnan, why would one needs > > these? /rescue is to fix a borked /, not replace PicoBSD. > > ipfw I can see as useful. If you have a kernel that defaults to closed, > and you need to access the network, then this is a problem. If we had actually, this is trivial to fix: sysctl net.inet.ip.fw.enable=0 > a loader tunable to make a closed firewall open, then this wouldn't be why does this need to be a loader tunable at all and not just an ordinary sysctl ? Just having the rights to issue the ipfw setsockopt() suffices to add a rule and effectively change the default behaviour. And this is (in terms of permissions) no different from issuing a sysctl. cheers luigi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030717015052.B46015>