bin/153252: [ipfw][patch] ipfw lockdown system in subsequent
call of "/etc/rc.d/ipfw start"
Eugene Grosbein
eugen at grosbein.pp.ru
Fri Dec 17 21:10:16 UTC 2010
The following reply was made to PR bin/153252; it has been noted by GNATS.
From: Eugene Grosbein <eugen at grosbein.pp.ru>
To: bug-followup at freebsd.org
Cc: AlexJ at freebsd.forum
Subject: Re: bin/153252: [ipfw][patch] ipfw lockdown system in subsequent
call of "/etc/rc.d/ipfw start"
Date: Sat, 18 Dec 2010 02:38:45 +0600
1.
> # check if firewall already running to prevent subsequent start calls
One should not unconditionally disable the ability to reload ipfw rules
using the "/etc/rc.d/ipfw start" command. For example, it's used extensively
on my systems and does not lead to "lock-down". One should learn the
ipfw(8) manual page, including the CHECKLIST paragraph, and make oneself
familiar with the proper ways of reloading ipfw over the network.
2. Nice catch. However, that's only one of the reasons why it is
a very bad habit to have "./" in PATH.
3. Please use "diff -u" to make unified diffs,
they are much easier to read.
Eugene Grosbein