[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is a 'PF default to block' setting outside pf.conf a desirablefeature?

Daniel Hartmeier <[email protected]> writes:
> Believe it or not, we now survived more than four years without that
> feature, and noone ever complained (much less called it a 'fatal flaw'),
> so you'll have to excuse me for, well, *yawn*.
OpenBSD does not have a problem as far as I can see.  The problem seems
to be that the /FreeBSD/ PF port for some reason did not bring over the
pre network interface rc bits from OpenBSD. I haven't checked the others
(NetBSD, DragonFlyBSD), so I'm not sure what the status is there.
Anyway the 'window of opportunity' would be ahem, rather small. 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"