* Peter Hessler <phess...@theapt.org> [2011-01-31 09:37]: > On 2011 Jan 30 (Sun) at 22:48:17 +0100 (+0100), Henning Brauer wrote: > :* Peter Hessler <phess...@theapt.org> [2011-01-30 22:23]: > :> On 2011 Jan 30 (Sun) at 19:04:50 +0100 (+0100), Henning Brauer wrote: > :> :* Stuart Henderson <s...@spacehopper.org> [2011-01-30 19:03]: > :> :> I disagree, I think it is worth mentioning explicity - I have seen > :> :> a few people run into problems because they don't realise the implicit > :> :> rule is effectively "pass flags any no state". > :> : > :> :hmm. ppl should not rely on the implicit pass at all. > :> :last not least we put an explicit pass rule in the default pf.conf. > :> : > :> agreed, but this is a point of confusion for many. > : > :is that really the case? > : > > Yes. I've even done it a few times. > > > :that isn'y new behaviour, and I don't remember anything in that > :direction coming up before. > :my fear is simply that: the more we talk about this default pass > :behaviour, the more ppl might find it clever to rely on it. and that > :is bad. > : > > I think people are already trying to be clever.
then i change my mind and we should add a note that the default pass behaviour (NOT rule, even tho there kinda is a default rule internally...) doesn't lead to state creation. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
