Date:      Sat, 25 Mar 2000 19:45:12 -0800
From:      Doug Barton <Doug@gorean.org>
To:        Tom Legg <tjlegg@shore.net>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Minor rc.network bug for 4.0 and ipfw
Message-ID:  <38DD87C8.8D8FC976@gorean.org>
References:  <p04310101b5032cb2a0b9@[207.244.92.51]>

Tom Legg wrote:

> The current situation creates a potential problem for 4.0 admins (at
> least I didn't notice it until I upgraded to the 4.0 kernel)

	This situation hasn't changed. It's always been this way. 
 
> If you compile a kernel with ipfw in the kernel but do nothing to
> modify /etc/defaults/rc.conf and boot, net.inet.ip.fw.enable is set
> to 1 and since the defaults for enable is NO, no further action is
> done upon the firewall scripts.

	The theory is that a sysadmin who is enabling these options will have
read the documentation and done what he can to properly prepare. For
those who are concerned about foot shooting, the "default to accept"
kernel option is available. 

	If you're really needing a secure firewall, it's more important that it
is secure from boot, with or without the ability to read the rc scripts.
If you don't need that level of security, other options are available to
you. 

Good luck,

Doug
-- 
    "So, the cows were part of a dream that dreamed itself into
existence? Is that possible?" asked the student incredulously.
    The master simply replied, "Mu."
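
The combinations discussed in this message, as an added example that is not part of the original e-mail: a shell check that reads a kernel config file and an rc.conf and reports what the firewall will do after boot. The function names and sample files are constructed for illustration; it assumes ipfw is compiled into the kernel (`options IPFIREWALL`) rather than loaded as a module, and that "default to accept" refers to `options IPFIREWALL_DEFAULT_TO_ACCEPT`.

```shell
#!/bin/sh
# Added example; sample files below are constructed, not taken from a real host.

# True if FILE has an uncommented "options NAME" line (exact option name).
has_option() {
    grep -Eq "^[[:space:]]*options[[:space:]]+$2([[:space:]]|#|\$)" "$1"
}

# Last value assigned to VAR in an rc.conf-style FILE, quotes stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Classify what the firewall does after boot, given kernel config and rc.conf.
ipfw_boot_posture() {
    has_option "$1" IPFIREWALL || { echo "no-ipfw-in-kernel"; return 0; }
    case $(rc_value "$2" firewall_enable | tr '[:upper:]' '[:lower:]') in
        yes) echo "rules-loaded-by-rc"; return 0 ;;
    esac
    # firewall_enable unset or NO: the rc scripts load no rules, so only the
    # kernel's built-in final rule applies.
    if has_option "$1" IPFIREWALL_DEFAULT_TO_ACCEPT; then
        echo "default-accept-no-rules"
    else
        echo "default-deny-no-rules"
    fi
}

# Constructed sample inputs.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf 'options\tINET\noptions\tIPFIREWALL\t\t# packet filter\n' > "$tmp/KERN_DENY"
printf 'options\tIPFIREWALL\noptions\tIPFIREWALL_DEFAULT_TO_ACCEPT\n' > "$tmp/KERN_ACCEPT"
printf 'options\tINET\n#options\tIPFIREWALL\n' > "$tmp/KERN_NONE"
printf 'hostname="gw.example.org"\n' > "$tmp/rc_untouched"
printf 'firewall_enable="YES"\nfirewall_type="open"\n' > "$tmp/rc_enabled"

for k in KERN_DENY KERN_ACCEPT KERN_NONE; do
    for r in rc_untouched rc_enabled; do
        printf '%-12s %-13s -> %s\n' "$k" "$r" "$(ipfw_boot_posture "$tmp/$k" "$tmp/$r")"
    done
done
```

The `default-deny-no-rules` result is the case raised in the quoted text: the machine boots with the filter active and no rules loaded, so it stays closed until rules are added from the console.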

