In some mail from Daniel Hartmeier, sie said: ... > I'm not sure the average user _really_ is worried enough about that > half a second period on boot. But I DO know there will be people locking > themselves out from far-away remote hosts (on updates, for instance) if > this becomes the default.
For me this has always been the over riding reason to have IPFilter always default (as shipped) to default allow. There are just too many things that can go wrong that can lead to no access to a system. That said, I believe NetBSD (and FreeBSD?) have this: options IPFILTER_DEFAULT_BLOCK You might want to do something similar for pf to make this easier for those who (think they) now what they're doing. Darren _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
