On Mon, 2016-06-06 at 20:06 +0300, Andrey Chernov wrote: > On 06.06.2016 20:00, Ian Lepore wrote: > > Probably everyone assumed (like I did) that it would be disabled by > > default, and didn't notice that wasn't the case. Your response > > indicates the problem with "default enabled"... you mention > > enabling > > packet filtering in pf.conf, my response is: WTF is pf.conf and > > why > > are you assuming I do any kind of packet filtering? > > > > I have literally dozens of systems here running freebsd, only one > > of > > them runs ipfw, and most of them are systems with small memory and > > wimpy processors, so why would I want extra do-nothing network > > daemons > > running on them by default? > > As variant, I keep hope blacklist sh helper will teach about ipfw > soon, > it looks possible. Then it can be re-enabled by default.
No, it should still not be enabled by default. Maybe it should be enabled in response to some question in the installer, or maybe even better, enabled only if some firewall software that understands it is also enabled. But afaik, all the available firewalls are disabled by default in defaults/rc.conf, and this should be too. -- Ian _______________________________________________ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
