Date:      Mon, 06 Jun 2016 11:22:44 -0600
From:      Ian Lepore <ian@freebsd.org>
To:        Andrey Chernov <ache@freebsd.org>, lidl@FreeBSD.org, Matteo Riondato <rionda@gmail.com>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r301226 - in head: etc etc/defaults etc/periodic/security etc/rc.d lib lib/libblacklist libexec libexec/blacklistd-helper share/mk tools/build/mk usr.sbin usr.sbin/blacklistctl usr.sbin...
Message-ID:  <1465233764.1188.9.camel@freebsd.org>
In-Reply-To: <9aafd3b8-ebe2-5ac8-e91b-31ffed34eff1@freebsd.org>
References:  <201606021906.u52J649H019481@repo.freebsd.org> <BC308CA2-2EE2-448A-9641-0BB769045868@gmail.com> <90df7c5b-7680-3de0-68ba-ab9bd1c9d73e@FreeBSD.org> <1465232404.1188.5.camel@freebsd.org> <9aafd3b8-ebe2-5ac8-e91b-31ffed34eff1@freebsd.org>

On Mon, 2016-06-06 at 20:06 +0300, Andrey Chernov wrote:
> On 06.06.2016 20:00, Ian Lepore wrote:
> > Probably everyone assumed (like I did) that it would be disabled by
> > default, and didn't notice that wasn't the case.  Your response
> > indicates the problem with "default enabled"... you mention enabling
> > packet filtering in pf.conf, my response is:  WTF is pf.conf and why
> > are you assuming I do any kind of packet filtering?
> >
> > I have literally dozens of systems here running freebsd, only one of
> > them runs ipfw, and most of them are systems with small memory and
> > wimpy processors, so why would I want extra do-nothing network daemons
> > running on them by default?
> 
> As variant, I keep hope blacklist sh helper will teach about ipfw soon,
> it looks possible. Then it can be re-enabled by default.

No, it should still not be enabled by default.  Maybe it should be
enabled in response to some question in the installer, or maybe even
better, enabled only if some firewall software that understands it is
also enabled.  But afaik, all the available firewalls are disabled by
default in defaults/rc.conf, and this should be too.

-- Ian


