Date: Fri, 8 Mar 2002 14:30:02 -0800 (PST) From: Tom Rhodes <darklogik@pittgoth.com> To: freebsd-doc@freebsd.org Subject: Re: docs/35686: blackhole(4) page seems to contradict itself in WARNING Message-ID: <200203082230.g28MU2w01930@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR docs/35686; it has been noted by GNATS. From: Tom Rhodes <darklogik@pittgoth.com> To: swear@blarg.net Cc: FreeBSD-gnats-submit@FreeBSD.ORG Subject: Re: docs/35686: blackhole(4) page seems to contradict itself in WARNING Date: Fri, 08 Mar 2002 17:36:05 -0500 Gary W. Swearingen wrote: > The "warnings" section of the blackhole(4) man page has these two > statements: > > In order to create a highly secure system, ipfw(8) should be used > for protection, not the blackhole feature. > > This mechanism is not a substitute for securing a system. It should > be used together with other security mechanisms. > > The first implies that blackhole shouldn't be used with, say, ipfw, > while the second implies that it should. It needs clarification. > I read over the ``manual page'' &Keramidas.use-manual-page.not-man-page; and I gather this as more a method for port scans. Can this method be used WITH ipfw(8)? If so, then wouldn't it be eaiser to use this feature. I do think you can use it like that, but i'm not sure... paragraph 1 states that setting the value to 2 will drop connections on a closed port... makes me think that ipfw(8) could forward packets and this could be ran along side... But with no experiance with blackhole(4) i'd rather hear another comment... -- Tom (Darklogik) Rhodes www.Pittgoth.com Gothic Liberation Front www.FreeBSD.org The Power To Serve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203082230.g28MU2w01930>