On Mon, Dec 12, 2011 at 5:55 AM, James Shupe <jsh...@osre.org> wrote:

> No. Modifying a general purpose tool for a specific (albeit common) use
> case is stupid. Any properly implemented warning would cause pfctl to
> exit non-zero, which would break automated scripts that check the exit
> code of pfctl. You would have to add a whole new option to ignore your
> specific use case, and even that would require modifying existing
> scripts.
>
> I wish they would ban you from this list already. I'm sick of seeing
> your reply to every thread when you never have anything constructive to
> say.
>

I am not replying to every thread on the list. You either have me confused
with someone else or there is some kind of imposter or person with a
similar name. I'm confused I should say. This was something constructive to
say regardless, it was an idea. I remember last time I was using OpenBSD (I
had a hiatus) and mmap changes broke a lot of ports. There is supposed to
be an emphasis on security, not your scripts. OpenBSD warns about mistakes,
it emails you about your mistakes, and it could point out this mistake as
well.

Perhaps it could be for security(8) to do instead actually. I don't know, I
didn't design the fucking system, it was just a suggestion.


> On Mon, 2011-12-12 at 05:43 +1100, John Tate wrote:
> > It's just whining! Perhaps it should only do it if it has an Internet IP
> > address not a LAN or WAN one involved.
> >
> > On Mon, Dec 12, 2011 at 5:17 AM, Janne Johansson <icepic...@gmail.com> wrote:
> >
> > > 2011/12/11 John Tate <j...@johntate.org>
> > >
> > >>
> > >> So I have a suggestion worth considering, if the line "block in all" does
> > >> not appear pfctl -nf should perhaps spit out a warning. Much like you've
> > >> done with your pretty compilers over there.
> > >>
> > >>
> > > There are still lots of reasons to run PF even if you don't want "block in
> > > all" for a default, so whining on all the other uses you couldn't imagine
> > > would not be very productive.
> > >
> > > --
> > >  To our sweethearts and wives.  May they never meet. -- 19th century toast
>
>


-- 
www.johntate.org
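
The suggestion in this thread (warn when no "block in all" rule is present) and the objection to it (a warning must not change the exit code that scripts check) can both be met by keeping the lint outside pfctl. The following is an added example, not part of the original messages and not OpenBSD code; the names `has_default_block`, `pf_check` and `PF_SYNTAX_CHECK` are hypothetical, and the match also accepts closely related forms such as "block all" and "block return" as a line-based heuristic that does not expand macros, includes or anchors.

```shell
#!/bin/sh
# Added example: advisory "default deny" lint kept separate from pfctl.

# Syntax-check command; overridable so the sketch also runs on hosts
# without pf (an assumption of this example, not a pfctl feature).
: "${PF_SYNTAX_CHECK:=pfctl -nf}"

# Return 0 if the file has an unconditional inbound block rule, e.g.
# "block in all", "block all", "block return", with optional comment.
has_default_block() {
    grep -Eq '^[[:space:]]*block([[:space:]]+(drop|return))?([[:space:]]+in)?([[:space:]]+log)?([[:space:]]+all)?[[:space:]]*(#.*)?$' "$1"
}

# Run the syntax check, then the lint. The warning goes to stderr only and
# the syntax checker's status is returned unchanged, so scripts that test
# the exit code behave the same with or without the lint.
pf_check() {
    $PF_SYNTAX_CHECK "$1"
    pf_status=$?
    if ! has_default_block "$1"; then
        echo "warning: $1: no default 'block in all' style rule found" >&2
    fi
    return "$pf_status"
}

# Demonstration on two constructed rulesets (not real configurations).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'block in all\npass in proto tcp to port 22\n' > "$dir/deny.conf"
    printf 'pass in all\nblock in proto tcp to port 23\n' > "$dir/open.conf"
    PF_SYNTAX_CHECK=true    # stand-in for pfctl -nf during the demo
    for f in "$dir/deny.conf" "$dir/open.conf"; do
        pf_check "$f"
        echo "$f -> exit $?"
    done
    rm -rf "$dir"
}

case "${1:-}" in
    "")     ;;                 # sourced or run without arguments: define only
    --demo) demo ;;
    *)      pf_check "$1" ;;
esac
```
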
