Date:      Wed, 28 Sep 2005 14:24:19 +0200 (CEST)
From:      Oliver Fromme <olli@lurza.secnetix.de>
To:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: Enable ipfw without rebooting
Message-ID:  <200509281224.j8SCOJUv047047@lurza.secnetix.de>
In-Reply-To: <8CEFEBE0-CC91-4FA6-8453-DF42AA9445A5@bnc.net>

Achim Patzner <ap@bnc.net> wrote:
 > Oliver Fromme wrote:
 > > No.  Performing a reboot is a rather bad idea.
 > 
 > Actually _loading kernel modules you haven't been using before_  

Lots of people have been using it before.  (Personally I
prefer to compile it statically in the kernel, though.)

 > without scheduling a reboot (which can be cancelled just as easily as  
 > removing an at job) is (not only in my opinion) a stupid idea.

Apropos ideas:  Not having remote console access to a
machine which is located at 800 km distance is (not only
in my opinion) a stupid idea.  ;-)

 > > A much better way would be a small "at" job that inserts
 > > an appropriate "allow" rule:
 > 
 > Where's the advantage?

A solution that doesn't require a reboot is always better,
especially on production machines.
This isn't Windows, after all.

For changing (and testing) rules, there's an even more
elegant (and non-disruptive) solution, see:
/usr/share/examples/ipfw/change_rules.sh

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

Passwords are like underwear.  You don't share them,
you don't hang them on your monitor or under your keyboard,
you don't email them, or put them on a web site,
and you must change them very often.
