From owner-freebsd-current Mon Feb 26 05:41:38 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3)
    id FAA18988 for current-outgoing; Mon, 26 Feb 1996 05:41:38 -0800 (PST)
Received: from asstdc.scgt.oz.au (root@asstdc.scgt.oz.au [202.14.234.65])
    by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id FAA18978
    Mon, 26 Feb 1996 05:41:31 -0800 (PST)
Received: (from imb@localhost) by asstdc.scgt.oz.au (8.6.12/BSD4.4)
    id AAA09032; Tue, 27 Feb 1996 00:41:16 +1100
From: michael butler
Message-Id: <199602261341.AAA09032@asstdc.scgt.oz.au>
Subject: Re: -stable hangs at boot (fwd)
To: phk@critter.tfs.com (Poul-Henning Kamp)
Date: Tue, 27 Feb 1996 00:41:15 +1100 (EST)
Cc: stable@freebsd.org, current@freebsd.org
In-Reply-To: <11364.825341183@critter.tfs.com> from "Poul-Henning Kamp" at Feb 26, 96 02:26:23 pm
X-Mailer: ELM [version 2.4 PL24beta]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-current@freebsd.org
Precedence: bulk

Poul-Henning Kamp writes:

> > If you ^C your way to a shell prompt, there's a single rule that's in
> > the firewall list saying "deny all from any to any". Courtesy of the
> > same recent brain-damage in ipfw(8), you can't delete this rule either
> > ("setsockopt failed").

> If you call this "brain-damage" then you quite clearly don't need IPFW.

I call it "brain-damage" to render a machine unbootable because it can't
"see" its _own_ interfaces.

AFAIK, firewalls by default prevent packets passing _through_ them but are
themselves permitted to talk to anything they have a route to (the previous
behaviour with a default policy of "deny"). A direct connection (interface
in the same box) constitutes having a "route to".

Further, there are no hints whatsoever in the current rc, sysconfig,
netstart, et al to indicate that this (current condition) is the problem.
Even if this (IMHO unusual) behaviour was documented it wouldn't be so much
of a problem,

michael