Things to remove from /rescue
Sheldon Hearn
sheldonh at starjuice.net
Tue Jul 22 08:31:06 PDT 2003
On (2003/07/22 08:11), David O'Brien wrote:
> > ipfw -q flush
> > ipfw add pass ip from any to any via lo0
> > ipfw add check-state
> > ipfw add pass udp from me to any domain,ntp out keep-state
>
> You need to run NTP to rescue your FUBAR'ed /lib???
I don't understand why you chopped off the significant rule:
> > ipfw add pass tcp from me to any out setup keep-state
So let me restate DES case without examples.
It may be that someone wishing to recover a hosed box will both
a) want access to some network-hosted resource, and
b) want to maintain network security while accessing that resource.
I don't see this as an unreasonable requirement, and I can't see what
great cost it incurs that would motivate us to remove support for it.
And remember, this is just one aspect of your "trimming down /rescue".
Nobody's insisting that we keep the bath water. :-)
Ciao,
Sheldon.
More information about the freebsd-arch
mailing list