Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 28 Jan 2002 11:51:49 -0800 (PST)
From:      Patrick Greenwell <patrick@stealthgeeks.net>
To:        "Robert D. Hughes" <rob@robhughes.com>
Cc:        Nate Williams <nate@yogotech.com>, Justin White <justinfinity@mac.com>, <freebsd-stable@FreeBSD.ORG>
Subject:   RE: firewall config (CTFM)
Message-ID:  <20020128113806.O95859-100000@rockstar.stealthgeeks.net>
In-Reply-To: <B95B566BD245174196CA4EE29E5818831B6469@HEXCH01.robhughes.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 28 Jan 2002, Robert D. Hughes wrote:

> While this will probably get me flamed to no end, users not reading the
> docs and keeping up with advisories (sys admins are users too) is only
> the cause of little things like nimda, code red, and probably at least
> 90% of all the other problems people report with any system.

It's always amusing when "keyword commentators" chime in. You know the
type; a certain set of keywords trigger a post from these well-intentioned
folks that usually haven't bothered to read an entire thread.

I've said it repeatedly, but since you weren't paying attention, I'll say
it specifically for your benefit: there is no documentation on the
ineffectiveness of setting firewall_enable to no, anywhere. One is left to
their crystal ball and various and sundry scrying devices in order to
intuit that unlike setting firewall_enable to yes, setting firewall_enable
to no doesn't do anything and leaves you with a box that doesn't pass packets.

[insert obligatory follow-up argument from other parties that says that
people that are smart enough to compile a firewall into their kernel
aren't smart enough to enable it so it needs to be done for them
regardless.]

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
                               Patrick Greenwell
                     Stealthgeeks,LLC. Operations Consulting
                          http://www.stealthgeeks.net
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020128113806.O95859-100000>