
Re: Is a 'PF default to block' setting outside pf.conf a desirable feature?



Daniel Hartmeier <[email protected]> writes:
> Believe it or not, we now survived more than four years without that
> feature, and no one ever complained (much less called it a 'fatal flaw'),
> so you'll have to excuse me for, well, *yawn*.
OpenBSD does not have a problem as far as I can see.  The problem seems
to be that the /FreeBSD/ PF port for some reason did not bring over the
pre network interface rc bits from OpenBSD. I haven't checked the others
(NetBSD, DragonFlyBSD), so I'm not sure what the status is there.
Anyway, the 'window of opportunity' would be, ahem, rather small.
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
"First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"