Garance A Drosihn <[EMAIL PROTECTED]> types:
> At 12:28 AM -0500 1/31/02, Garance A Drosihn wrote:
> Why should only Joe Experienced User be getting the benefit of
> booting up with the firewall active? Now, I am *definitely* not
> suggesting this for -stable, but why don't we have the default
> GENERIC kernel include the firewall support? Why should anyone
> *have* to compile a kernel to get this full-time protection?
> ("fulltime" meaning "firewall active for the entire boot sequence").
What's the danger in not having a firewall if you haven't turned any
of the network interfaces on? Granted, we don't do that now for ipfw
firewalls, but that could be fixed.
For that matter, the firewall is turned on before any network services
are started, so there shouldn't be a serious problem, barring things
like the old ping-of-death.
<mike
--
Mike Meyer <[EMAIL PROTECTED]> http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
