Date: Thu, 17 Jul 2003 01:50:52 -0700
From: Luigi Rizzo
To: freebsd-arch@freebsd.org
Subject: Re: Things to remove from /rescue
Message-ID: <20030717015052.B46015@xorpc.icir.org>
In-Reply-To: <20030717084333.GB35337@funkthat.com>; from gurney_j@efn.org on Thu, Jul 17, 2003 at 01:43:33AM -0700

On Thu, Jul 17, 2003 at 01:43:33AM -0700, John-Mark Gurney wrote:
> David O'Brien wrote this message on Thu, Jul 17, 2003 at 01:08 -0700:
> > - ipfw & natd & ipf & ipfs & ipfstat & ipmon & ipnan, why would one need
> >   these? /rescue is to fix a borked /, not replace PicoBSD.
>
> ipfw I can see as useful. If you have a kernel that defaults to closed,
> and you need to access the network, then this is a problem. If we had

actually, this is trivial to fix:

	sysctl net.inet.ip.fw.enable=0

> a loader tunable to make a closed firewall open, then this wouldn't be

why does this need to be a loader tunable at all and not just an
ordinary sysctl?
Just having the rights to issue the ipfw setsockopt() suffices to
add a rule and effectively change the default behaviour. And this
is (in terms of permissions) no different from issuing a sysctl.

	cheers
	luigi