From owner-freebsd-doc Fri Mar 8 20:37:57 2002 Delivered-To: freebsd-doc@freebsd.org Received: from pittgoth.com (14.zlnp1.xdsl.nauticom.net [209.195.149.111]) by hub.freebsd.org (Postfix) with ESMTP id E27DC37B405 for ; Fri, 8 Mar 2002 20:37:52 -0800 (PST) Received: from pittgoth.com (c2.depaul-inst.pittsburgh.pa.us [192.168.1.2]) by pittgoth.com (8.11.6/8.11.6) with ESMTP id g294div01419; Fri, 8 Mar 2002 23:39:44 -0500 (EST) (envelope-from darklogik@pittgoth.com) Message-ID: <3C899228.90806@pittgoth.com> Date: Fri, 08 Mar 2002 23:40:08 -0500 From: Tom Rhodes User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.2) Gecko/20010628 X-Accept-Language: en-us MIME-Version: 1.0 To: Dima Dorfman Cc: freebsd-doc@FreeBSD.ORG, "Gary W. Swearingen" Subject: Re: docs/35686: blackhole(4) page seems to contradict itself in WARNING References: <200203090210.g292A2C52131@freefall.freebsd.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-doc@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dima Dorfman wrote: >The following reply was made to PR docs/35686; it has been noted by GNATS. > >From: Dima Dorfman >To: swear@blarg.net >Cc: FreeBSD-gnats-submit@freebsd.org >Subject: Re: docs/35686: blackhole(4) page seems to contradict itself in WARNING >Date: Sat, 09 Mar 2002 02:01:46 +0000 > > "Gary W. Swearingen" wrote: > > > > >Number: 35686 > > >Category: docs > > >Synopsis: blackhole(4) page seems to contradict itself in WARNING > > >Description: > > > > The "warnings" section of the blackhole(4) man page has these two > > statements: > > > > In order to create a highly secure system, ipfw(8) should be used > > for protection, not the blackhole feature. > > > > This mechanism is not a substitute for securing a system. It should > > be used together with other security mechanisms. > > To me, this sounds more redundant than contradicting (they both say > that blackhole isn't sufficient for a "secure system"), but I can > understand how someone might interpret it that way. Do you have any > suggestions for a better wording? Perhaps just removing the first > paragraph would suffice--that seems more like a plug for ipfw(8) than > a bug in blackhole(4), anyway. > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-doc" in the body of the message > > Review my last comment on this matter... these 2 paragraphs make me question if it can be used with ipfw(8) and other security ``mechanisms'' If anything, I feel the page isn't giveing enough information. I mean, can you ONLY use blackhole(4) or can you use it with ipfw(8)... If you must use them seperate, then why does blackhole(4) even exist... Sorry if i'm being "newbie" like, but I am asking myself these same questions To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message