RE: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?
- From: "Greg Hennessy" <Greg.Hennessy@xxxxxxxx>
- Date: Sun, 16 Jul 2006 23:56:35 +0100
I'm not sure the average user _really_ is worried enough
about that half a second period on boot. But I DO know there
will be people locking themselves out from far-away remote
hosts (on updates, for instance) if this becomes the default.

That is pretty much guaranteed. Murphy will always find a way to f*ck up a
reboot and simultaneously cause the 2611 on the console port to halt and
catch fire.

If punters want a default block, IMHO it doesn't get much easier than using
the mac_ifoff(4) kernel option discussed earlier on in the week, they can
tweak the pf startup to twiddle the relevant sysctl appropriately at the
right moment in time.

In order to salve the consciences of those who know naught but tick boxes,
and more importantly make them STFU and annoy someone else.

Perhaps a codicil to the FreeBSD pf.conf manpage, detailing the mac_ifoff
approach as a wholly unsupported solution for 'default block' to satisfy the
anally retentive.

Greg
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"