Date: Sun, 15 Dec 2002 10:26:22 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: "M. Warner Losh" <imp@bsdimp.com> Cc: sam@errno.com, mux@FreeBSD.ORG, obrien@FreeBSD.ORG, current@FreeBSD.ORG Subject: Re: ipfw userland breaks again. Message-ID: <200212151826.gBFIQMpo081407@apollo.backplane.com> References: <200212142351.gBENpBVH002931@apollo.backplane.com> <23f401c2a3ce$2a6e7e30$52557f42@errno.com> <200212150015.gBF0FlbS066547@apollo.backplane.com> <20021215.111441.05985858.imp@bsdimp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
:I don't like the patch from a security standpoint. It makes it to
:easy to turn off a firewall. If you want to be that stupid about
:security, you should just make the default be 'accept all' and be done
:with it. I'm opposed to this patch unless you can get the security
:officer to sign off on it. The defaults are there for a reason so
:that we fail 'safe' from a security point of view.
:
:The real fix is to fix the abi problems.
:
:Warner
This is complete BULLSHIT, Warner. This patch exists precisely so
the firewall can be turned on in secure mode. It does not make it
any easier to turn off then adding a rule:
ipfw add 2 allow all from any to any
So don't give me this bullshit about the patch being a security issue.
YOU KNOW IT ISN'T.
Now you are forcing me to go to core. It's absolutely ridiculous and
you know it. Goddamn it, next time I won't even bother posting if all
I get is this sort of crap.
-Matt
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200212151826.gBFIQMpo081407>