Date:      Thu, 2 Jan 2003 12:12:38 -0700 (MST)
From:      Nick Rogness <nick@rogness.net>
To:        Lucky Green <shamrock@cypherpunks.to>
Cc:        l.rizzo@iet.unipi.it, <doc@FreeBSD.ORG>
Subject:   RE: IPFW: suicidal defaults
Message-ID:  <20030102120754.P4054-100000@skywalker.rogness.net>
In-Reply-To: <003101c2b28f$f2b0b690$6601a8c0@VAIO650>

On Thu, 2 Jan 2003, Lucky Green wrote:

> >
> > 	This probably won't happen nor should it.
> >
> > 	A lot of firewalls come with default to deny.  It is not as
> > 	unusual as you would think.  In fact, it makes sense to block by
> > 	default.
>
> I don't have a problem with the firewall shipping with a default to
> deny. What I am having a problem with is the firewall becoming active by
> simply recompiling the kernel with firewall options included and without
> the user first having to enable the firewall in one of the rc.* config
> files. Either ship the firewall with a default to allow (sub-optimal) or
> require the user to enable the firewall by creating an entry in rc.*,
> but please, please require some positive act from the administrator
> other than compiling in kernel options before that beast goes live.

	Ummm, unless things have changed, just recompiling the kernel with
	'options IPFIREWALL' won't enable your firewall.  You need the
	corresponding option in /etc/rc.conf:

		firewall_enable="YES"

	If you recompiled your kernel with 'options IPFIREWALL' and didn't
	enable the above switch in /etc/rc.conf then your problem isn't
	the firewall blocking you.  Chances are your kernel won't load
	properly on the machine the way you compiled it.


Nick Rogness <nick@rogness.net>


