Date: Tue, 27 Feb 1996 01:05:48 +1100 (EST) From: michael butler <imb@scgt.oz.au> To: phk@critter.tfs.com (Poul-Henning Kamp) Cc: stable@freebsd.org, current@freebsd.org Subject: Re: -stable hangs at boot (fwd) Message-ID: <199602261405.BAA09438@asstdc.scgt.oz.au> In-Reply-To: <11445.825342415@critter.tfs.com> from "Poul-Henning Kamp" at Feb 26, 96 02:46:55 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Poul-Henning Kamp writes: > Well, this happens to be your view. I know machines where IPFW are being > used to restrict what users on the machine can do, this is only possible > if you filter >ALL< traffic, to and from the machine. OK .. but, personally, I wouldn't call or attempt to use those boxes as firewalls .. any "sensitive" firewall/filtering router I have control over has two valid accounts which have any access at all, mine and one other, with limited privilege, for daily monitoring. No users == much reduced risk. If security is _that_ important, investing in a dedicated box to do the job is cheap at triple the price :-) > The IPFW is not a policy, it's a tool to implement policies. As such it > needs to be able to implement the widest possible range of policies. I can see where you're coming from .. but this behaviour caught me out because it is unusual and I'm sure it'll catch many others :-(. > You should be on -committers if you run -stable or -current. If you were, > you would have seen it. If I could get half-way through the stuff I'm obliged to read now .. <sigh> michael
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199602261405.BAA09438>