From owner-freebsd-current Sun Dec 15 10:15:24 2002 Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1154137B401; Sun, 15 Dec 2002 10:15:23 -0800 (PST) Received: from harmony.village.org (rover.bsdimp.com [204.144.255.66]) by mx1.FreeBSD.org (Postfix) with ESMTP id E73F243EDA; Sun, 15 Dec 2002 10:15:21 -0800 (PST) (envelope-from imp@bsdimp.com) Received: from localhost (warner@rover2.village.org [10.0.0.1]) by harmony.village.org (8.12.6/8.12.3) with ESMTP id gBFIF6uB098945; Sun, 15 Dec 2002 11:15:06 -0700 (MST) (envelope-from imp@bsdimp.com) Date: Sun, 15 Dec 2002 11:14:41 -0700 (MST) Message-Id: <20021215.111441.05985858.imp@bsdimp.com> To: dillon@apollo.backplane.com Cc: sam@errno.com, mux@FreeBSD.ORG, obrien@FreeBSD.ORG, current@FreeBSD.ORG Subject: Re: ipfw userland breaks again. From: "M. Warner Losh" In-Reply-To: <200212150015.gBF0FlbS066547@apollo.backplane.com> References: <200212142351.gBENpBVH002931@apollo.backplane.com> <23f401c2a3ce$2a6e7e30$52557f42@errno.com> <200212150015.gBF0FlbS066547@apollo.backplane.com> X-Mailer: Mew version 2.1 on Emacs 21.2 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG In message: <200212150015.gBF0FlbS066547@apollo.backplane.com> Matthew Dillon writes: : :I disagree with committing this hack; keep it as a local mod if you must. : : : :As to the problem; don't wait for Luigi to "fix the ABI problems", do it : :yourself. Good things happen when folks are PO'd and won't settle for the : :status quo. : : : : Sam : : I'm sorry you disagree, but it doesn't change my position. I am not : in the business of rewriting other people's APIs. If it means so much : to you, YOU go and fix it. No? Then don't complain about my fix. It's : no skin off your nose and it will prevent a lot of future headaches, : especially if the RC system makes it nice and friendly. I don't like the patch from a security standpoint. It makes it to easy to turn off a firewall. If you want to be that stupid about security, you should just make the default be 'accept all' and be done with it. I'm opposed to this patch unless you can get the security officer to sign off on it. The defaults are there for a reason so that we fail 'safe' from a security point of view. The real fix is to fix the abi problems. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message