Date: Tue, 27 Oct 1998 07:08:36 +0100 (MET)
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
To: jkb@best.com (Jan B. Koum)
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: tcp resets with ipfw
Message-ID: <199810270608.HAA03617@labinfo.iet.unipi.it>
In-Reply-To: <19981026224146.A9124@best.com> from "Jan B. Koum" at Oct 26, 98 10:41:27 pm

> Hello,
>
> It will really be sad when someday someone with root access to
> a FreeBSD box does (either accidentally or on purpose):
>
> # ipfw add 1 reset tcp from any to any
>
> While one might argue this is equivalent to doing "rm -rf /*",
> many people alias rm to rm -i. Would it make sense to have
> ipfw code check to make sure people don't take down the network
> by making a typo or some such? If so, how would we do that? I like
> the way Cisco routers do:
>
> This may severely impact network performance. Continue? [confirm]

because any modification to the firewall "may severely impact network
performance" you'll have to print the message in all cases, at which
point people will alias ipfw to avoid the message.

The problem exists for far too many commands including
ifconfig XXX delete etc.

cheers
luigi