Date: Sun, 16 Jul 2006 23:56:35 +0100 From: "Greg Hennessy" <Greg.Hennessy@nviz.net> To: "'Daniel Hartmeier'" <daniel@benzedrine.cx>, =?iso-8859-1?Q?'Dag-Erling_Sm=F8rgrav'?= <des@des.no> Cc: freebsd-security@freebsd.org, freebsd-pf@freebsd.org Subject: RE: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ? Message-ID: <000c01c6a92b$167fcd00$0a00a8c0@thebeast> In-Reply-To: <20060716214456.GE3240@insomnia.benzedrine.cx>
next in thread | previous in thread | raw e-mail | index | archive | help
=20 > I'm not sure the average user _really_ is worried enough=20 > about that half a second period on boot. But I DO know there=20 > will be people locking themselves out from far-away remote=20 > hosts (on updates, for instance) if this becomes the default. That is pretty much guaranteed. Murphy will always find a way to f*ck up = a reboot and simultaneously cause the 2611 on the console port to halt and catch fire.=20 If punters want a default block, IMHO it doesn=92t get much easier than = using the mac_ifoff(4) kernel option discussed earlier on in the week, they = can tweak the pf startup to twiddle the relevant sysctl appropriately at the right moment in time.=20 In order to salve the consciences of those who know naught but tick = boxes, and more importantly make them STFU and annoy someone else.=20 Perhaps a codicil to the FreeBSD pf.conf manpage, detailing the = mac_ifoff approach as a wholly unsupported solution for 'default block' to satisfy = the anally retentive.=20 Greg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000c01c6a92b$167fcd00$0a00a8c0>