Subject: Re: svn commit: r301226 - in head: etc etc/defaults etc/periodic/security etc/rc.d lib lib/libblacklist libexec libexec/blacklistd-helper share/mk tools/build/mk usr.sbin usr.sbin/blacklistctl usr.sbin...
To: Andrey Chernov, Ian Lepore, lidl@freebsd.org, Matteo Riondato
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
From: Nathan Whitehorn
Date: Mon, 6 Jun 2016 10:50:14 -0700

On 06/06/16 10:25, Andrey Chernov wrote:
> On 06.06.2016 20:22, Ian Lepore wrote:
>> On Mon, 2016-06-06 at 20:06 +0300, Andrey Chernov wrote:
>>> As a variant, I keep hope blacklist sh helper will teach about ipfw
>>> soon,
>>> it looks possible. Then it can be re-enabled by default.
>> No, it should still not be enabled by default. Maybe it should be
>> enabled in response to some question in the installer, or maybe even
>> better, enabled only if some firewall software that understands it is
>> also enabled. But afaik, all the available firewalls are disabled by
>> default in defaults/rc.conf, and this should be too.
> BTW, it is a good idea: to check first, is supported firewall enabled, and
> only then enable blacklistd by default.

Like many others, I think it shouldn't be enabled by default ever, even though it is a useful thing and a service that should be in the small checklist in the installer. FreeBSD has *no* daemons enabled by default except devd and a local sendmail and, since this particular feature is one that many people don't want, this is the wrong time for an expansion of that list.

(Thanks for adding this to the system, though, and thanks for changing the setting!)

-Nathan