RE: Any ongoing effort to port /etc/rc.d/pf_boot,
> I'm not sure the average user _really_ is worried enough
> about that half a second period on boot. But I DO know there
> will be people locking themselves out from far-away remote
> hosts (on updates, for instance) if this becomes the default.
That is pretty much guaranteed. Murphy will always find a way to f*ck up a
reboot and simultaneously cause the 2611 on the console port to halt and
catch fire.
If punters want a default block, IMHO it doesn't get much easier than using
the mac_ifoff(4) kernel option discussed earlier on in the week, they can
tweak the pf startup to twiddle the relevant sysctl appropriately at the
right moment in time.
In order to salve the consciences of those who know naught but tick boxes,
and more importantly make them STFU and annoy someone else.
Perhaps a codicil to the FreeBSD pf.conf manpage, detailing the mac_ifoff
approach as a wholly unsupported solution for 'default block' to satisfy the
anally retentive.
Greg
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"