From owner-freebsd-security Fri Sep 20 00:15:40 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id AAA23490 for security-outgoing; Fri, 20 Sep 1996 00:15:40 -0700 (PDT)
Received: from scapa.cs.ualberta.ca (root@scapa.cs.ualberta.ca [129.128.4.44]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id AAA23463 for ; Fri, 20 Sep 1996 00:15:37 -0700 (PDT)
Received: from ve6kik by scapa.cs.ualberta.ca with UUCP id <13073-12700>; Fri, 20 Sep 1996 01:15:32 -0600
Received: by ve6kik.ampr.ab.ca (Smail3.1.28.1 #5) id m0v3zkF-000O4mC; Fri, 20 Sep 96 01:11 WET DST
Received: from localhost (marcs@localhost) by alive.ampr.ab.ca (8.7.5/8.7.3) with SMTP id XAA14970 for ; Thu, 19 Sep 1996 23:55:11 -0600 (MDT)
Date: Thu, 19 Sep 1996 23:55:10 -0600 (MDT)
From: Marc Slemko
To: freebsd-security@FreeBSD.ORG
Subject: Re: Could use a favor
In-Reply-To: <199609180747.RAA07256@al.imforei.apana.org.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 18 Sep 1996, Peter Childs wrote:

> Consider the situation where you are using a machine running
> freebsd on a machine as part of your firewall. You only want selective
> packets to be passed. If your machine boots up with a default
> policy of "let everything through" then for the time between your
> interface being initialized/configured and your rules being
> enforced/entered you've just made a large hole in your security.

Aside from the possible race condition there, which can be avoided by
careful ordering of bootup configuration, there is also the idea of the
safest possible mode of failure.

Consider the case where someone accidentally messes up the firewall rules,
or the utility used to manage them gets messed up. Do you prefer that no
traffic is let through your firewall until it is fixed, or that all traffic
is let through until it is fixed?
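The fail-closed argument above, as an added example that is not part of the original thread: a toy first-match packet filter in Python with a default policy, a rule loader that aborts on a bad line the way a typo in a real rule file would, and constructed rule sets and traffic showing that a broken rule set leaves a default-deny host isolated but a default-allow host wide open.

```python
from ipaddress import ip_address, ip_network

def parse_rules(text):
    """Parse 'allow|deny <cidr> [port]' lines. Any bad line raises ValueError,
    as a typo in a real rule file aborts loading the whole set."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split("#", 1)[0].split()
        if not parts:
            continue
        if len(parts) not in (2, 3) or parts[0] not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: cannot parse {line!r}")
        port = int(parts[2]) if len(parts) == 3 else None
        rules.append((parts[0], ip_network(parts[1]), port))
    return rules

class Firewall:
    """Ordered rules, first match wins; the default policy decides the rest."""
    def __init__(self, default):
        assert default in ("allow", "deny")
        self.default = default
        self.rules = []  # nothing loaded yet: only the default applies

    def load_rules(self, text):
        self.rules = parse_rules(text)  # all-or-nothing

    def decide(self, pkt):
        src, dport = ip_address(pkt[0]), pkt[1]
        for action, net, port in self.rules:
            if src in net and port in (None, dport):
                return action
        return self.default

def boot(default, rules_text, traffic):
    """Emulate startup: default policy first, then the rule load (which may
    fail), then traffic. Returns the (src, dport) packets that got through."""
    fw = Firewall(default)
    try:
        fw.load_rules(rules_text)
    except ValueError:
        pass  # load failed; the default policy now governs all traffic
    return [p for p in traffic if fw.decide(p) == "allow"]

# Constructed sample data (not from the thread).
GOOD_RULES = "allow 10.0.0.0/8 22   # ssh from the inside\ndeny 0.0.0.0/0"
BROKEN_RULES = "alow 10.0.0.0/8 22   # typo: the whole set fails to load\ndeny 0.0.0.0/0"
TRAFFIC = [("10.1.2.3", 22), ("192.0.2.9", 22), ("10.1.2.3", 25)]
```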