Date:      Mon, 6 Jun 2016 10:50:14 -0700
From:      Nathan Whitehorn <nwhitehorn@freebsd.org>
To:        Andrey Chernov <ache@freebsd.org>, Ian Lepore <ian@freebsd.org>, lidl@freebsd.org, Matteo Riondato <rionda@gmail.com>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r301226 - in head: etc etc/defaults etc/periodic/security etc/rc.d lib lib/libblacklist libexec libexec/blacklistd-helper share/mk tools/build/mk usr.sbin usr.sbin/blacklistctl usr.sbin...
Message-ID:  <e8d06c17-cb12-bf85-4e44-cb25e8b97e9f@freebsd.org>
In-Reply-To: <ab8b6207-bceb-f5a8-3db8-69cd344677df@freebsd.org>
References:  <201606021906.u52J649H019481@repo.freebsd.org> <BC308CA2-2EE2-448A-9641-0BB769045868@gmail.com> <90df7c5b-7680-3de0-68ba-ab9bd1c9d73e@FreeBSD.org> <1465232404.1188.5.camel@freebsd.org> <9aafd3b8-ebe2-5ac8-e91b-31ffed34eff1@freebsd.org> <1465233764.1188.9.camel@freebsd.org> <ab8b6207-bceb-f5a8-3db8-69cd344677df@freebsd.org>



On 06/06/16 10:25, Andrey Chernov wrote:
> On 06.06.2016 20:22, Ian Lepore wrote:
>> On Mon, 2016-06-06 at 20:06 +0300, Andrey Chernov wrote:
>>> As a variant, I keep hoping the blacklist sh helper will learn about
>>> ipfw soon; it looks possible. Then it can be re-enabled by default.
>> No, it should still not be enabled by default.  Maybe it should be
>> enabled in response to some question in the installer, or maybe even
>> better, enabled only if some firewall software that understands it is
>> also enabled.  But afaik, all the available firewalls are disabled by
>> default in defaults/rc.conf, and this should be too.
> BTW, it is a good idea: to check first whether a supported firewall is
> enabled, and only then enable blacklistd by default.
>
>

Like many others, I think it shouldn't be enabled by default ever, even 
though it is a useful thing and a service that should be in the small 
checklist in the installer. FreeBSD has *no* daemons enabled by default 
except devd and a local sendmail and, since this particular feature is 
one that many people don't want, this is the wrong time for an expansion 
of that list.

(Thanks for adding this to the system, though, and thanks for changing 
the setting!)
-Nathan


