Date: Fri, 8 Mar 2002 22:30:03 -0800 (PST)
Message-Id: <200203090630.g296U3C43476@freefall.freebsd.org>
To: freebsd-doc@freebsd.org
From: swear@blarg.net (Gary W. Swearingen)
Subject: Re: docs/35686: blackhole(4) page seems to contradict itself in WARNING

The following reply was made to PR docs/35686; it has been noted by GNATS.

From: swear@blarg.net (Gary W. Swearingen)
To: Dima Dorfman
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: docs/35686: blackhole(4) page seems to contradict itself in WARNING
Date: 08 Mar 2002 22:24:51 -0800

Dima Dorfman writes:

> "Gary W. Swearingen" wrote:
> > In order to create a highly secure system, ipfw(8) should be used
> > for protection, not the blackhole feature.
> >
> > This mechanism is not a substitute for securing a system. It should
> > be used together with other security mechanisms.
> ...
> Do you have any
> suggestions for a better wording?

No, since I don't know what it SHOULD be trying to say. This is my best
guess at what the above implies, but I doubt if it is what it SHOULD
imply:

    In order to create a highly secure system, ipfw(8) should be used
    for protection, not the blackhole feature. For a less-than-highly
    secure system, use the blackhole feature with security mechanisms
    other than ipfw(8). For an unsecure system use only the blackhole
    feature (or nothing).