Date: Fri, 25 Jan 2002 18:11:33 -0800 (PST)
From: Patrick Greenwell <patrick@stealthgeeks.net>
To: Mike Meyer <mwm-dated-1012442737.170460@mired.org>
Cc: Bob K <melange@yip.org>, <stable@FreeBSD.ORG>
Subject: Re: Firewall config non-intuitiveness
Message-ID: <20020125180928.K55603-100000@rockstar.stealthgeeks.net>
In-Reply-To: <15442.3825.38443.26350@guru.mired.org>

On Fri, 25 Jan 2002, Mike Meyer wrote:
> Patrick Greenwell <patrick@stealthgeeks.net> types:
> > On Fri, 25 Jan 2002, Bob K wrote:
> > > The problem is that you're not taking into account the installed base of
> > > users who twiddle this knob. How many angry firewall admins will come
> > > into being when the behaviour suddenly stops being, "don't load any
> > > firewall rules" and starts being, "disable the firewall"?
> > I could be mistaken, but it would seem to me that the number of
> > individuals that really want to deny all traffic to and from their
> > machine (which is the current result of setting firewall_enable to no)
> > is relatively small.
>
> Actually, that's the base you want to start with when building a
> firewall. You then go on to allow in traffic that you want to pass
> through.

That's right, but in that case you wouldn't be setting firewall_enable to
"no" since you *want* a firewall.
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
Patrick Greenwell
Stealthgeeks,LLC. Operations Consulting
http://www.stealthgeeks.net
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
