Things to remove from /rescue
Luigi Rizzo
rizzo at icir.org
Thu Jul 17 01:50:53 PDT 2003
On Thu, Jul 17, 2003 at 01:43:33AM -0700, John-Mark Gurney wrote:
> David O'Brien wrote this message on Thu, Jul 17, 2003 at 01:08 -0700:
> > - ipfw & natd & ipf & ipfs & ipfstat & ipmon & ipnan, why would one needs
> > these? /rescue is to fix a borked /, not replace PicoBSD.
>
> ipfw I can see as useful. If you have a kernel that defaults to closed,
> and you need to access the network, then this is a problem. If we had
actually, this is trivial to fix:
sysctl net.inet.ip.fw.enable=0
> a loader tunable to make a closed firewall open, then this wouldn't be
why does this need to be a loader tunable at all and not just an
ordinary sysctl ? Just having the rights to issue the ipfw
setsockopt() suffices to add a rule and effectively change the
default behaviour. And this is (in terms of permissions) no different
from issuing a sysctl.
cheers
luigi
More information about the freebsd-arch
mailing list