> I'm not sure the average user _really_ is worried enough
> about that half a second period on boot. But I DO know there
> will be people locking themselves out from far-away remote
> hosts (on updates, for instance) if this becomes the default.

That is pretty much guaranteed. Murphy will always find a way to f*ck up a reboot and simultaneously cause the 2611 on the console port to halt and catch fire.

If punters want a default block, IMHO it doesn't get much easier than using the mac_ifoff(4) kernel option discussed earlier on in the week, they can tweak the pf startup to twiddle the relevant sysctl appropriately at the right moment in time.

In order to salve the consciences of those who know naught but tick boxes, and more importantly make them STFU and annoy someone else. Perhaps a codicil to the FreeBSD pf.conf manpage, detailing the mac_ifoff approach as a wholly unsupported solution for 'default block' to satisfy the anally retentive.

Greg
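
The boot ordering suggested in the reply above, sketched as an added example that is not part of the original message or of FreeBSD's own rc scripts. It assumes mac_ifoff is loaded from /boot/loader.conf so non-loopback interfaces start with traffic off, that the sysctl is `security.mac.ifoff.other_enabled` as documented in mac_ifoff(4), and that rules live in /etc/pf.conf; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: lift the mac_ifoff(4) block only after pf is verifiably up.
# Assumption: mac_ifoff_load="YES" in /boot/loader.conf, so interfaces other
# than loopback pass no traffic until the sysctl below is set to 1.

PF_RULES="${PF_RULES:-/etc/pf.conf}"            # assumed ruleset path
IFOFF_OID="security.mac.ifoff.other_enabled"    # per mac_ifoff(4)

# True only when pf itself reports that it is enabled.
pf_is_enabled() {
    pfctl -s info 2>/dev/null | grep -q '^Status: Enabled'
}

# Hypothetical helper: returns 0 once traffic has been enabled,
# 1 if anything failed (interfaces are then left off: fail closed).
open_interfaces_after_pf() {
    # 1. Parse the ruleset without loading it; a typo must not open the box.
    if ! pfctl -nf "$PF_RULES" >/dev/null 2>&1; then
        echo "pf: $PF_RULES does not parse, interfaces left off" >&2
        return 1
    fi

    # 2. Load the rules, then enable pf ("already enabled" is not an error).
    if ! pfctl -f "$PF_RULES" >/dev/null 2>&1; then
        echo "pf: loading $PF_RULES failed, interfaces left off" >&2
        return 1
    fi
    pfctl -e >/dev/null 2>&1 || true

    # 3. Trust the kernel's view of pf, not the exit codes above.
    if ! pf_is_enabled; then
        echo "pf: not enabled after load, interfaces left off" >&2
        return 1
    fi

    # 4. Only now let the non-loopback interfaces pass traffic.
    sysctl "${IFOFF_OID}=1" >/dev/null
}
```

If any step fails the host stays unreachable over the network until someone fixes it from the console, which is exactly the remote lockout the quoted message warns about.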