Date: Tue, 22 Jul 2003 08:11:38 -0700 From: "David O'Brien" <obrien@FreeBSD.org> To: Dag-Erling Sm?rgrav <des@des.no> Cc: freebsd-arch@FreeBSD.org Subject: Re: Things to remove from /rescue Message-ID: <20030722151138.GB72888@dragon.nuxi.com> In-Reply-To: <xzpn0f76i69.fsf@dwp.des.no> References: <20030719171138.GA86442@dragon.nuxi.com> <XFMail.20030721151553.jhb@FreeBSD.org> <20030721202314.GC21068@dragon.nuxi.com> <xzpn0f76i69.fsf@dwp.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jul 22, 2003 at 11:10:22AM +0200, Dag-Erling Sm?rgrav wrote: > "David O'Brien" <obrien@FreeBSD.org> writes: > > If I did need to get to the Internet to get bits, what does ipfw do > > for me that "sysctl net.inet.ip.fw.enable=0" doesn't? > > ipfw -q flush > ipfw add pass ip from any to any via lo0 > ipfw add check-state > ipfw add pass udp from me to any domain,ntp out keep-state You need to run NTP to rescue your FUBAR'ed /lib??? If you're this worried about someone breaking into you when you've got *zero* services running, use a 2nd machine to get those magical bits from the Internet that will fix your FUBAR'ed /lib. -- -- David (obrien@FreeBSD.org)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030722151138.GB72888>