On Tue, Aug 23, 2005 at 06:57:43PM -0400, Will H. Backman wrote: > > -----Original Message----- > > From: Theo de Raadt [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, August 23, 2005 6:53 PM > > To: Jason Crawford > > Cc: Will H. Backman; j knight; Misc OpenBSD > > Subject: Re: /usr/share/pf/ suggestion > > <snip> > (Crawling out of my protective hole) > So does it make sense to include a basic pf rule set for a basic > end-user host that blocks everything by default? > I've done it using the example I gave. Don't know if my way has some > errors or not. I'd say punch a hole for SSH. This is because I consider a *NIX box that can not be managed via SSH to be borken.
And, of course, we are only talking about having this as an example and maybe mentioned in a FAQ someplace and not turned on by defualt, right? > -- BOFH excuse #394: Jupiter is aligned with Mars.
