>>>>> "Doug" == Doug Barton <[EMAIL PROTECTED]> writes:

Doug> Kian Mohageri wrote:
>> I agree VERY MUCH with this sort of approach.  It would be a much
>> cleaner solution than completely separate handling of all of these
>> different problems.  I'm trying to get an idea of what all of the
>> major problems with the current order are, and these are the ones
>> I'm aware of:
>> 
>> - ipfw blocks by default (names unresolvable, rtsol breaks)
>> - ipf/pf pass by default (services are unprotected)
>> 
>> I think a firewall_boot script (similar to what you've proposed)
>> could potentially solve all of these problems.

Doug> exception, not the rule.  Furthermore (and I'm betraying a
Doug> prejudice here) I think that firewall rules that rely on name
Doug> resolution are absolutely nuts, and I say that with many years
Doug> of experience as a professional DNS and system administrator.

I think you're misreading the above.  The poster is saying that
because ipfw's default behaviour is block, loading it at the wrong
time can break other startup items because they require name
resolution or the sending of packets (rtsol).

Dave.

-- 
============================================================================
|David Gilbert, Independent Contractor.       | Two things can be          |
|Mail:       [EMAIL PROTECTED]                    |  equal if and only if they |
|http://daveg.ca                              |   are precisely opposite.  |
=========================================================GLO================