Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 08 Mar 2002 23:40:08 -0500
From:      Tom Rhodes <darklogik@pittgoth.com>
To:        Dima Dorfman <dima@trit.org>
Cc:        freebsd-doc@FreeBSD.ORG, "Gary W. Swearingen" <swear@blarg.net>
Subject:   Re: docs/35686: blackhole(4) page seems to contradict itself in WARNING
Message-ID:  <3C899228.90806@pittgoth.com>
References:  <200203090210.g292A2C52131@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Dima Dorfman wrote:

>The following reply was made to PR docs/35686; it has been noted by GNATS.
>
>From: Dima Dorfman <dima@trit.org>
>To: swear@blarg.net
>Cc: FreeBSD-gnats-submit@freebsd.org
>Subject: Re: docs/35686: blackhole(4) page seems to contradict itself in WARNING 
>Date: Sat, 09 Mar 2002 02:01:46 +0000
>
> "Gary W. Swearingen" <swear@blarg.net> wrote:
> > 
> > >Number:         35686
> > >Category:       docs
> > >Synopsis:       blackhole(4) page seems to contradict itself in WARNING
> > >Description:
> > 
> > The "warnings" section of the blackhole(4) man page has these two
> > statements:
> > 
> >     In order to create a highly secure system, ipfw(8) should be used
> >     for protection, not the blackhole feature.
> > 
> >     This mechanism is not a substitute for securing a system.  It should
> >     be used together with other security mechanisms.
> 
> To me, this sounds more redundant than contradicting (they both say
> that blackhole isn't sufficient for a "secure system"), but I can
> understand how someone might interpret it that way.  Do you have any
> suggestions for a better wording?  Perhaps just removing the first
> paragraph would suffice--that seems more like a plug for ipfw(8) than
> a bug in blackhole(4), anyway.
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-doc" in the body of the message
>
>
Review my last comment on this matter... these 2 paragraphs make me 
question if it can be used with ipfw(8) and other security 
``mechanisms''  If anything, I feel the page isn't giveing enough 
information.  I mean, can you ONLY use blackhole(4) or can you use it 
with ipfw(8)...  If you must use them seperate, then why does 
blackhole(4) even exist...  Sorry if i'm being "newbie" like, but I am 
asking myself these same questions



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C899228.90806>