Date:      Tue, 27 Feb 1996 00:41:15 +1100 (EST)
From:      michael butler <imb@scgt.oz.au>
To:        phk@critter.tfs.com (Poul-Henning Kamp)
Cc:        stable@freebsd.org, current@freebsd.org
Subject:   Re: -stable hangs at boot (fwd)
Message-ID:  <199602261341.AAA09032@asstdc.scgt.oz.au>
In-Reply-To: <11364.825341183@critter.tfs.com> from "Poul-Henning Kamp" at Feb 26, 96 02:26:23 pm

Poul-Henning Kamp writes:

> > If you ^C your way to a shell prompt, there's a single rule that's in
> > the firewall list saying "deny all from any to any". Courtesy of the
> > same recent brain-damage in ipfw(8), you can't delete this rule either
> > ("setsockopt failed").
 
> If you call this "brain-damage" then you quite clearly don't need IPFW.

I call it "brain-damage" to render a machine unbootable because it can't
"see" its _own_ interfaces. AFAIK, firewalls by default prevent packets
passing _through_ them but are themselves permitted to talk to anything they
have a route to (the previous behaviour with a default policy of "deny"). A
direct connection (interface in the same box) constitutes having a "route to".

Further, there are no hints whatsoever in the current rc, sysconfig,
netstart, et al to indicate that this (current condition) is the problem.
Even if this (IMHO unusual) behaviour was documented it wouldn't be so much
of a problem,

	michael


