svn commit: r301226 - in head: etc etc/defaults etc/periodic/security etc/rc.d lib lib/libblacklist libexec libexec/blacklistd-helper share/mk tools/build/mk usr.sbin usr.sbin/blacklistctl usr.sbin...

[Slawa Olhovchenkov]

On Mon, Jun 06, 2016 at 08:25:01PM +0300, Andrey Chernov wrote:

> On 06.06.2016 20:22, Ian Lepore wrote:
> > On Mon, 2016-06-06 at 20:06 +0300, Andrey Chernov wrote:
> >> As variant, I keep hope blacklist sh helper will teach about ipfw
> >> soon,
> >> it looks possible. Then it can be re-enabled by default.
> > 
> > No, it should still not be enabled by default.  Maybe it should be
> > enabled in response to some question in the installer, or maybe even
> > better, enabled only if some firewall software that understands it is
> > also enabled.  But afaik, all the available firewalls are disabled by
> > default in defaults/rc.conf, and this should be too.
> 
> BTW, it is good idea: to check first, is supported firewall enabled, and
> only then enable blacklistd by default.

What purpose? SUDDENLY lockout access to own host after some mistake
in password?
I am already touch issuse with default enforcing DNSSEC in unbound and
broken date in CMOS -- inposible to do any DNS queries and imposible
to automatic time sync.