Date: Wed, 26 Dec 2001 10:16:49 -0800 From: "Crist J . Clark" <cristjc@earthlink.net> To: Igor M Podlesny <poige@morning.ru> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: /etc/rc.firewall and /sys/netinet/ip_input.c are doing the same thing Message-ID: <20011226101649.A2090@blossom.cjclark.org> In-Reply-To: <18957829724.20011226144634@morning.ru>; from poige@morning.ru on Wed, Dec 26, 2001 at 02:46:34PM %2B0700 References: <Pine.BSF.4.33.0112231015180.35760-100000@resnet.uoregon.edu> <107466819110.20011224191009@morning.ru> <20011225151328.A136@gohan.cjclark.org> <18957829724.20011226144634@morning.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 26, 2001 at 02:46:34PM +0700, Igor M Podlesny wrote:
>
> > On Mon, Dec 24, 2001 at 07:10:09PM +0700, Igor M Podlesny wrote:
> >>
> >> well, not all the same, but partly. Take a look:
>
> > Yes. We know.
>
> Well. It doesn't surprise me.
>
> P.S. Is it a `feature'? ;)
>
> P.P.S. Talking seriously (as much as possible ;), which reasons don't
> let removing of 3 lines from rc.firewall?
The reason not to remove them is to avoid the steady stream of emails
to -questions, -security, -ipfw, and -net from people unaware of the
built-in protection from loopback addresses informing us that we
should have rules like that by default. The rules don't hurt
anything (just _try_ to measure a performance impact), but you should
of course feel free to not include them in your own firewall scripts.
--
"It's always funny until someone gets hurt. Then it's hilarious."
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011226101649.A2090>